From 2070da74ab09d5dacaf62c3d8a72adab41c0be37 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sat, 26 Nov 2016 19:10:02 +0100
Subject: k 3 iptables: add v4 and v6 options per rule
---
 krebs/3modules/iptables.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'krebs/3modules/iptables.nix')
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index d48ff6f2..a4a4de6f 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -46,6 +46,14 @@ let
 type = int;
 default = 0;
 };
+ v4 = mkOption {
+ type = bool;
+ default = true;
+ };
+ v6 = mkOption {
+ type = bool;
+ default = true;
+ };
 };
 })));
 default = null;
@@ -90,7 +98,8 @@ let
 buildChain = tn: cn:
 let
- sortedRules = sort (a: b: a.precedence > b.precedence) ts."${tn}"."${cn}".rules;
+ filteredRules = filter (r: r."${v}") ts."${tn}"."${cn}".rules;
+ sortedRules = sort (a: b: a.precedence > b.precedence) filteredRules;
 in
 #TODO: double check should be unneccessary, refactor!
-- 
cgit v1.2.3
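Review bot: The new `v4` and `v6` options in the `@@ -46,6 +46,14 @@` hunk carry no `description`, so nothing tells a rule author what setting one to `false` does. Judging by the filter added in the second hunk, the rule is then left out of that address family's ruleset, which matters for a firewall module: a drop or reject rule limited to one family leaves the other family to the chain policy, and a rule with both flags `false` appears to vanish without any evaluation error. I would add `description = "Whether this rule is included in the IPv4 ruleset.";` (with the IPv6 counterpart on `v6`) and consider an assertion that rejects a rule with both flags off. The enclosing submodule's option set begins outside the hunk.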
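Review bot: `filter (r: r."${v}")` in the `@@ -90,7 +98,8 @@` hunk reads a variable `v` that is not bound anywhere in the visible lines; `buildChain` takes only `tn` and `cn`, so `v` has to come from an enclosing scope outside the hunk. It is worth confirming that it is always exactly `"v4"` or `"v6"`, because any other value would make the attribute lookup fail at evaluation time rather than select rules. A comment above the binding would make the dependency visible: `# v is "v4" or "v6", bound by the enclosing function; rules with that flag off are omitted`. The body of `buildChain` continues past the end of the hunk.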