2 lass.base: use precedence in iptables config

author: lassulus <lass@aidsballs.de> 2015-07-23 02:19:24 +0200
committer: lassulus <lass@aidsballs.de> 2015-07-23 02:19:24 +0200
commit: 493184a2f4b7d0f0cf407731e11e6cb9565f5aa8 (patch)
tree: 7739475516630c69d0125b55480411605c05b9a8 /2configs/lass
parent: cbd8d5e8db94c41b8fca33d23419c88ad109a551 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix
index 35631ff..b24e6a9 100644
--- a/2configs/lass/base.nix
+++ b/2configs/lass/base.nix
@@ -125,10 +125,10 @@ with lib;
       filter.INPUT.policy = "DROP";
       filter.FORWARD.policy = "DROP";
       filter.INPUT.rules = [
-        { predicate = "-i lo"; target = "ACCEPT"; }
-        { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
-        { predicate = "-p icmp"; target = "ACCEPT"; }
-        { predicate = "-p tcp --dport 22"; target = "ACCEPT"; }
+        { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
+        { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+        { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
+        { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
       ];
     };
   };
author	lassulus <lass@aidsballs.de>	2015-07-23 02:19:24 +0200
committer	lassulus <lass@aidsballs.de>	2015-07-23 02:19:24 +0200
commit	493184a2f4b7d0f0cf407731e11e6cb9565f5aa8 (patch)
tree	7739475516630c69d0125b55480411605c05b9a8 /2configs/lass
parent	cbd8d5e8db94c41b8fca33d23419c88ad109a551 (diff)