diff options
Diffstat (limited to '3modules')
| -rw-r--r-- | 3modules/lass/iptables.nix | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/3modules/lass/iptables.nix b/3modules/lass/iptables.nix index ba05abeb..52058821 100644 --- a/3modules/lass/iptables.nix +++ b/3modules/lass/iptables.nix @@ -114,20 +114,18 @@ let "" else concatMapStringsSep "\n" (rule: "\n-A ${cn} ${rule}") ([] - ++ map buildRule ts."${tn}"."${cn}".rules + ++ map (buildRule tn cn) ts."${tn}"."${cn}".rules ) else "" ; - buildRule = rule: - #TODO implement rule validation-test here - # - #target: - #target needs to be an existing chain (in the same table) or ACCEPT, REJECT, DROP, LOG, QUEUE, RETURN + buildRule = tn: cn: rule: + #target validation test: + assert (elemIsIn rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ ts."${tn}"."${cn}")); - #predicate: + #predicate validation test: #maybe use iptables-test #TODO: howto exit with evaluation error by shellscript? #apperantly not possible from nix because evalatution wouldn't be deterministic. |