make parsons/nftables.nix nicer #10

Closed
stuebinm wants to merge 1 commit from nicer-nftables into main
Showing only changes of commit f389de9c55 - Show all commits


@ -1,5 +1,13 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let
cfg = config.networking.firewall;
mkPorts = ports: ranges:
lib.strings.concatStringsSep ", "
(map ({from, to}: "${toString from}-${toString to}") ranges
++
map toString ports);
in
{ {
networking.firewall.enable = false; networking.firewall.enable = false;
networking.nat.enable = false; networking.nat.enable = false;
@ -39,9 +47,9 @@
iifname { lo } accept iifname { lo } accept
tcp dport { 25, 80, 443, 465, 587, 993, 4190, 62954, 64738 } accept tcp dport { ${mkPorts cfg.allowedTCPPorts cfg.allowedTCPPortRanges} } accept
udp dport { 60000-61000, 64738 } accept udp dport { ${mkPorts cfg.allowedUDPPorts cfg.allowedUDPPortRanges} } accept
# DHCPv6 # DHCPv6
ip6 daddr fe80::/64 udp dport 546 accept ip6 daddr fe80::/64 udp dport 546 accept