make parsons/nftables.nix nicer #10

Closed

stuebinm wants to merge 1 commits from nicer-nftables into main

stuebinm commented

2024-04-06 13:02:45 +00:00

Owner

This re-uses the (currently unused) config options networking.firewall.allowed{TCP,UDP}Port{Range,}s again.

It's a no-op as far as actual config is concerned, but I think it makes the config easier to work with, though there are still many other networking options which we set that currently do nothing (e.g. the network bridge to lxc).

I'm not sure how much of these we want to solve like this; if we do too many, we'd wind up maintaining yet another nftables module.

Alternatively, we could also decide that using nftables "by hand" is fine with us. but then we should probably remove all the config options which don't do anything anymore..

This re-uses the (currently unused) config options `networking.firewall.allowed{TCP,UDP}Port{Range,}s` again. It's a no-op as far as actual config is concerned, but I think it makes the config easier to work with, though there are still many other networking options which we set that currently do nothing (e.g. the network bridge to lxc). I'm not sure how much of these we want to solve like this; if we do too many, we'd wind up maintaining yet another nftables module. Alternatively, we could also decide that using nftables "by hand" is fine with us. but then we should probably remove all the config options which don't do anything anymore..

stuebinm added 1 commit 2024-04-06 13:02:45 +00:00

f389de9c55 nftables: use networking.firewall.allowed{TCP,UDP}Port{s,Ranges}

This is a no-op as far as actual config is concerned, but allows using
the usual networking options again, which before this commit were just
old unused code lying around.

There are still many other networking options which we set that
currently do nothing (e.g. the network bridge to lxc).

stuebinm requested review from moira 2024-04-06 13:03:14 +00:00