summaryrefslogtreecommitdiffstats
path: root/tv/3modules/iptables.nix
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2016-02-08 02:19:38 +0100
committertv <tv@krebsco.de>2016-02-08 02:24:17 +0100
commit356bb8e0d3f9add02e177a3bdfa9314e1369748e (patch)
tree193afca4018d76c58aeccc3a05cdcbd623c80b36 /tv/3modules/iptables.nix
parent7f7256a76f5698a9f8599ce71780f47ab13590f4 (diff)
tv.iptables: redirect 11423 locally too
Diffstat (limited to 'tv/3modules/iptables.nix')
-rw-r--r--tv/3modules/iptables.nix13
1 files changed, 7 insertions, 6 deletions
diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix
index 9d5b5d075..a4ebef44f 100644
--- a/tv/3modules/iptables.nix
+++ b/tv/3modules/iptables.nix
@@ -68,12 +68,13 @@ let
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
- ${concatMapStringsSep "\n" (rule: "-A PREROUTING ${rule}") ([]
- ++ [
- "! -i retiolum -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0"
- "-p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22"
- ]
- )}
+ ${concatMapStringsSep "\n" (rule: "-A PREROUTING ${rule}") [
+ "! -i retiolum -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0"
+ "-p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22"
+ ]}
+ ${concatMapStringsSep "\n" (rule: "-A OUTPUT ${rule}") [
+ "-o lo -p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22"
+ ]}
COMMIT
*filter
:INPUT DROP [0:0]