authorlassulus <lass@aidsballs.de>2015-07-23 02:19:24 +0200
committerlassulus <lass@aidsballs.de>2015-07-23 02:19:24 +0200
commit5913192e74212e3398b126d50030cfd60333c295 (patch)
tree7739475516630c69d0125b55480411605c05b9a8 /2configs/lass/base.nix
parentab9a4dac127f378471126a72c7dc36a5ae7c29d6 (diff)
2 lass.base: use precedence in iptables config
Diffstat (limited to '2configs/lass/base.nix')
-rw-r--r--2configs/lass/base.nix8
1 files changed, 4 insertions, 4 deletions
diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix
index 35631ffef..b24e6a9a4 100644
--- a/2configs/lass/base.nix
+++ b/2configs/lass/base.nix
@@ -125,10 +125,10 @@ with lib;
filter.INPUT.policy = "DROP";
filter.FORWARD.policy = "DROP";
filter.INPUT.rules = [
- { predicate = "-i lo"; target = "ACCEPT"; }
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
- { predicate = "-p icmp"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; }
+ { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
+ { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+ { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
+ { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
];
};
};
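Review bot: The four `precedence` values added to `filter.INPUT.rules` are bare numbers, with no comment saying which direction sorts first or why these rules sit around 10000. iptables is first-match and these are all ACCEPT rules, so their position relative to rules contributed by other modules decides whether a DROP or REJECT added elsewhere can ever take effect; the hunk shows neither the sort order nor the default precedence, so state it beside the list, e.g. `# precedence: <higher|lower> sorts first; base ACCEPTs pinned near 10000 so they run <before|after> module-added rules`. The values are also consecutive (9998 to 10001), which leaves no slot for a rule between them, such as a rate limit ahead of the `--dport 22` ACCEPT, without renumbering; spacing them out would avoid that. The enclosing attribute set begins outside the hunk.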