summaryrefslogtreecommitdiffstats
path: root/krebs/3modules/iptables.nix
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/3modules/iptables.nix')
-rw-r--r--krebs/3modules/iptables.nix11
1 files changed, 10 insertions, 1 deletions
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index d48ff6f2..a4a4de6f 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -46,6 +46,14 @@ let
type = int;
default = 0;
};
+ v4 = mkOption {
+ type = bool;
+ default = true;
+ };
+ v6 = mkOption {
+ type = bool;
+ default = true;
+ };
};
})));
default = null;
@@ -90,7 +98,8 @@ let
buildChain = tn: cn:
let
- sortedRules = sort (a: b: a.precedence > b.precedence) ts."${tn}"."${cn}".rules;
+ filteredRules = filter (r: r."${v}") ts."${tn}"."${cn}".rules;
+ sortedRules = sort (a: b: a.precedence > b.precedence) filteredRules;
in
#TODO: double check should be unneccessary, refactor!
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-13 23:12:43 +0000