From 5913192e74212e3398b126d50030cfd60333c295 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 23 Jul 2015 02:19:24 +0200
Subject: 2 lass.base: use precedence in iptables config

---
 2configs/lass/base.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to '2configs/lass')

diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix
index 35631ffe..b24e6a9a 100644
--- a/2configs/lass/base.nix
+++ b/2configs/lass/base.nix
@@ -125,10 +125,10 @@ with lib;
       filter.INPUT.policy = "DROP";
       filter.FORWARD.policy = "DROP";
       filter.INPUT.rules = [
-        { predicate = "-i lo"; target = "ACCEPT"; }
-        { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
-        { predicate = "-p icmp"; target = "ACCEPT"; }
-        { predicate = "-p tcp --dport 22"; target = "ACCEPT"; }
+        { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
+        { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+        { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
+        { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
       ];
     };
   };
-- 
cgit v1.2.3