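# Option declarations for an iptables firewall module.
#
# Evaluates to an attribute set of option declarations (`enable`, `tables`).
# Nothing in this file renders or applies rules; how the values are consumed
# has to be checked in the module that imports it.
{ lib, ... }:

let
  inherit (lib) mkEnableOption mkOption types;
in

{
  enable = mkEnableOption "iptables";

  # Usage sketch kept from the original file:
  #
  #tables.filter.INPUT = {
  #  policy = "DROP";
  #  rules = [
  #    { predicate = "-i retiolum"; target = "ACCEPT"; priority = -10; }
  #  ];
  #};
  #
  # NOTE(review): the rule submodule below declares `precedence`, not
  # `priority`. An undeclared attribute is normally rejected by the module
  # system, so the sketch above presumably predates the rename -- confirm and
  # update it.

  #new api
  tables = mkOption {
    description = ''
      Firewall tables, keyed by table name and then by chain name
      (for example `filter.INPUT`).
    '';
    type = with types; attrsOf (attrsOf (submodule ({
      options = {
        policy = mkOption {
          type = str;
          # NOTE(review): "-" is presumably the "no policy" placeholder passed
          # through to the rule renderer -- confirm against the consumer. If
          # so, a built-in chain left at the default is not default-deny; set
          # an explicit policy such as "DROP" on chains that must fail closed.
          default = "-";
          description = ''
            Policy of the chain, for example `DROP`.
          '';
        };
        rules = mkOption {
          # null (the default) is distinct from an empty list; what the
          # consumer does with either is not visible in this file.
          type = nullOr (listOf (submodule ({
            options = {
              # `predicate` and `target` are unconstrained strings: no
              # validation happens at this layer, so anything that ends up in
              # them must come from trusted configuration.
              predicate = mkOption {
                type = str;
                description = ''
                  Match part of the rule, for example `-i retiolum`.
                '';
              };
              target = mkOption {
                type = str;
                description = ''
                  Target of the rule, for example `ACCEPT`.
                '';
              };
              precedence = mkOption {
                type = int;
                # NOTE(review): sort direction (higher first or lower first)
                # is decided by the consumer -- confirm before relying on it
                # to place an ACCEPT ahead of a DROP.
                default = 0;
                description = ''
                  Precedence of the rule within its chain.
                '';
              };
            };
          })));
          default = null;
          description = ''
            Rules of the chain, or null when no rule list is given.
          '';
        };
      };
    })));
  };
}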