nixos/modules/services/networking/firewall-nftables.nix +2 −7 @@ -70,10 +70,8 @@ in } ]; networking.nftables.ruleset = '' table inet nixos-fw { networking.nftables.tables."nixos-fw".family = "inet"; networking.nftables.tables."nixos-fw".content = '' ${optionalString (cfg.checkReversePath != false) '' chain rpfilter { type filter hook prerouting priority mangle + 10; policy drop; @@ -169,9 +167,6 @@ in } ''} } ''; }; nixos/modules/services/networking/nat-nftables.nix +18 −18 @@ -145,28 +145,28 @@ in } ]; networking.nftables.ruleset = '' table ip nixos-nat { ${mkTable { networking.nftables.tables = { "nixos-nat" = { family = "ip"; content = mkTable { ipVer = "ip"; inherit dest ipSet; forwardPorts = filter (x: !(isIPv6 x.destination)) cfg.forwardPorts; inherit (cfg) dmzHost; }} } ${optionalString cfg.enableIPv6 '' table ip6 nixos-nat { ${mkTable { }; }; "nixos-nat6" = mkIf cfg.enableIPv6 { family = "ip6"; name = "nixos-nat"; content = mkTable { ipVer = "ip6"; dest = destIPv6; ipSet = ipv6Set; forwardPorts = filter (x: isIPv6 x.destination) cfg.forwardPorts; dmzHost = null; }} } ''} ''; }; }; }; networking.firewall.extraForwardRules = optionalString config.networking.firewall.filterForward '' ${optionalString (ifaceSet != "") '' nixos/tests/lxd/nftables.nix +2 −3 @@ -20,8 +20,8 @@ import ../make-test-python.nix ({ pkgs, ...} : { networking = { firewall.enable = false; nftables.enable = true; nftables.ruleset = '' table inet filter { nftables.tables."filter".family = "inet"; nftables.tables."filter".content = '' chain incoming { type filter hook input priority 0; policy accept; @@ -36,7 +36,6 @@ import ../make-test-python.nix ({ pkgs, ...} : { type filter hook output priority 0; policy accept; } } ''; }; };
nixos/modules/services/networking/firewall-nftables.nix +2 −7 @@ -70,10 +70,8 @@ in } ]; networking.nftables.ruleset = '' table inet nixos-fw { networking.nftables.tables."nixos-fw".family = "inet"; networking.nftables.tables."nixos-fw".content = '' ${optionalString (cfg.checkReversePath != false) '' chain rpfilter { type filter hook prerouting priority mangle + 10; policy drop; @@ -169,9 +167,6 @@ in } ''} } ''; };
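Review bot: Nothing visible in this section says how the `nixos-fw` table declared through `networking.nftables.tables` is ordered against text a user may still set in `networking.nftables.ruleset`. If such text begins with `flush ruleset` and is loaded after the per-table definitions, the whole firewall table, including the `rpfilter` chain with `policy drop`, would presumably disappear without an evaluation error; the nftables module itself is not on this page, so this needs confirming there. A test that switches configuration and then checks that `table inet nixos-fw` is still listed would pin the behaviour. Because the enclosing `table inet nixos-fw { … }` line is gone from this file, I would also add above the `content` assignment the comment `# chains only; the table header is apparently generated from family and attribute name`.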
nixos/modules/services/networking/nat-nftables.nix +18 −18 @@ -145,28 +145,28 @@ in } ]; networking.nftables.ruleset = '' table ip nixos-nat { ${mkTable { networking.nftables.tables = { "nixos-nat" = { family = "ip"; content = mkTable { ipVer = "ip"; inherit dest ipSet; forwardPorts = filter (x: !(isIPv6 x.destination)) cfg.forwardPorts; inherit (cfg) dmzHost; }} } ${optionalString cfg.enableIPv6 '' table ip6 nixos-nat { ${mkTable { }; }; "nixos-nat6" = mkIf cfg.enableIPv6 { family = "ip6"; name = "nixos-nat"; content = mkTable { ipVer = "ip6"; dest = destIPv6; ipSet = ipv6Set; forwardPorts = filter (x: isIPv6 x.destination) cfg.forwardPorts; dmzHost = null; }} } ''} ''; }; }; }; networking.firewall.extraForwardRules = optionalString config.networking.firewall.filterForward '' ${optionalString (ifaceSet != "") ''
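Review bot: The ip6 entry is keyed `"nixos-nat6"` but sets `name = "nixos-nat";`, while the ip entry has no `name` and apparently relies on its attribute key; that asymmetry should be explained where it occurs. I would add `# attribute key must be unique; the nft table name stays "nixos-nat" in both families` above the `name` line, and consider an explicit `name = "nixos-nat";` on the ip entry so the two entries read alike. The table names matter to anything that inspects or removes these tables by name after the change, such as monitoring or cleanup on a configuration switch, so they should stay exactly what the old ruleset text produced. The surrounding `config` block starts and ends outside the hunk.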
nixos/tests/lxd/nftables.nix +2 −3 @@ -20,8 +20,8 @@ import ../make-test-python.nix ({ pkgs, ...} : { networking = { firewall.enable = false; nftables.enable = true; nftables.ruleset = '' table inet filter { nftables.tables."filter".family = "inet"; nftables.tables."filter".content = '' chain incoming { type filter hook input priority 0; policy accept; @@ -36,7 +36,6 @@ import ../make-test-python.nix ({ pkgs, ...} : { type filter hook output priority 0; policy accept; } } ''; }; };
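Review bot: The visible part of this test shows no check that `table inet filter` is actually loaded from the new `tables."filter"` definition. With `firewall.enable = false` and every chain at `policy accept`, a table that silently failed to load would look the same to the container traffic the test exercises. The test script is outside the hunk, so this may already be covered; if it is not, one step that runs `nft list table inet filter` and expects success would make the test cover the new option.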