summaryrefslogtreecommitdiffstats
path: root/3modules/tv/iptables.nix
diff options
context:
space:
mode:
authortv <tv@shackspace.de>2015-07-19 16:12:21 +0200
committertv <tv@shackspace.de>2015-07-19 16:12:21 +0200
commitc441f091d3923d2624683373b91bf711028e76f5 (patch)
tree99029d7d0658a4e95c6da2aafccd28909e5d6373 /3modules/tv/iptables.nix
parent6db748f4b508bece0b62afeb200858555644e145 (diff)
3 tv.iptables: allow numeric ports
Diffstat (limited to '3modules/tv/iptables.nix')
-rw-r--r--3modules/tv/iptables.nix8
1 files changed, 4 insertions, 4 deletions
diff --git a/3modules/tv/iptables.nix b/3modules/tv/iptables.nix
index 21cf77320..173e5826d 100644
--- a/3modules/tv/iptables.nix
+++ b/3modules/tv/iptables.nix
@@ -14,12 +14,12 @@ let
enable = mkEnableOption "tv.iptables";
input-internet-accept-new-tcp = mkOption {
- type = with types; listOf str;
+ type = with types; listOf (either int str);
default = [];
};
input-retiolum-accept-new-tcp = mkOption {
- type = with types; listOf str;
+ type = with types; listOf (either int str);
default = [];
};
};
@@ -76,7 +76,7 @@ let
"-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
"-i lo -j ACCEPT"
]
- ++ map accept-new-tcp (unique cfg.input-internet-accept-new-tcp)
+ ++ map accept-new-tcp (unique (map toString cfg.input-internet-accept-new-tcp))
++ ["-i retiolum -j Retiolum"]
)}
${concatMapStringsSep "\n" (rule: "-A Retiolum ${rule}") ([]
@@ -88,7 +88,7 @@ let
"-p ipv6-icmp -m icmp6 --icmpv6-type echo-request -j ACCEPT"
];
}."ip${toString iptables-version}tables"
- ++ map accept-new-tcp (unique cfg.input-retiolum-accept-new-tcp)
+ ++ map accept-new-tcp (unique (map toString cfg.input-retiolum-accept-new-tcp))
++ {
ip4tables = [
"-p tcp -j REJECT --reject-with tcp-reset"