authorlassulus <lass@aidsballs.de>2016-11-26 19:10:02 +0100
committerlassulus <lass@aidsballs.de>2016-11-26 19:10:02 +0100
commit2070da74ab09d5dacaf62c3d8a72adab41c0be37 (patch)
treefb600d626d8233ee56fb4719037be7a9ea756ec1 /krebs/3modules/iptables.nix
parenteb7d02406476e1b4002f05d4ac106593ce4e29ce (diff)
k 3 iptables: add v4 and v6 options per rule
Diffstat (limited to 'krebs/3modules/iptables.nix')
-rw-r--r--krebs/3modules/iptables.nix11
1 files changed, 10 insertions, 1 deletions
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index d48ff6f2b..a4a4de6f9 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -46,6 +46,14 @@ let
type = int;
default = 0;
};
+ v4 = mkOption {
+ type = bool;
+ default = true;
+ };
+ v6 = mkOption {
+ type = bool;
+ default = true;
+ };
};
})));
default = null;
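Review bot: The new `v4` and `v6` options carry no `description`, so nothing here tells a rule author what setting one to `false` does. Judging by the `filter (r: r."${v}")` added to `buildChain` in the next hunk, a rule with the flag off is presumably just left out of that address family's chain. A drop or reject rule written with `v6 = false` would then leave IPv6 traffic to whatever the chain policy is, and a rule with both flags `false` would vanish from both rulesets silently. I would add something like `description = "Whether this rule is emitted into the IPv4 ruleset.";` (and the IPv6 counterpart) to each option, and consider an assertion that rejects rules where both are `false`. The submodule's option set starts outside this hunk, so any existing convention for descriptions there is not visible.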
@@ -90,7 +98,8 @@ let
buildChain = tn: cn:
let
- sortedRules = sort (a: b: a.precedence > b.precedence) ts."${tn}"."${cn}".rules;
+ filteredRules = filter (r: r."${v}") ts."${tn}"."${cn}".rules;
+ sortedRules = sort (a: b: a.precedence > b.precedence) filteredRules;
in
#TODO: double check should be unneccessary, refactor!