diff options
author | tv <tv@krebsco.de> | 2015-07-18 12:34:18 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2015-07-18 12:48:57 +0200 |
commit | 75b2d2aa50b95b0844f8e3eab2c68c223ffad2ee (patch) | |
tree | f837434d0d1c8e519385ab47649f24b5ffdaaf48 /3modules/tv/iptables.nix | |
parent | b02927de5f818bf8637f26c3dbb4bd172b835850 (diff) |
3 tv.iptables: unique ports
Diffstat (limited to '3modules/tv/iptables.nix')
-rw-r--r-- | 3modules/tv/iptables.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/3modules/tv/iptables.nix b/3modules/tv/iptables.nix index 7b9edd3..21cf773 100644 --- a/3modules/tv/iptables.nix +++ b/3modules/tv/iptables.nix @@ -76,7 +76,7 @@ let "-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT" "-i lo -j ACCEPT" ] - ++ map accept-new-tcp cfg.input-internet-accept-new-tcp + ++ map accept-new-tcp (unique cfg.input-internet-accept-new-tcp) ++ ["-i retiolum -j Retiolum"] )} ${concatMapStringsSep "\n" (rule: "-A Retiolum ${rule}") ([] @@ -88,7 +88,7 @@ let "-p ipv6-icmp -m icmp6 --icmpv6-type echo-request -j ACCEPT" ]; }."ip${toString iptables-version}tables" - ++ map accept-new-tcp cfg.input-retiolum-accept-new-tcp + ++ map accept-new-tcp (unique cfg.input-retiolum-accept-new-tcp) ++ { ip4tables = [ "-p tcp -j REJECT --reject-with tcp-reset" |