forked from zentralwerk/network
nixos-module/container/upstream: catch preexisting iptables chains
This commit is contained in:
parent
c5f57bd8c1
commit
09e4beb737
|
@ -61,12 +61,14 @@ in
|
||||||
externalIP = staticIpv4Address;
|
externalIP = staticIpv4Address;
|
||||||
extraCommands = ''
|
extraCommands = ''
|
||||||
# Prohibit SMTP except for servers
|
# Prohibit SMTP except for servers
|
||||||
iptables -N fwd_smtp
|
iptables -N fwd_smtp || \
|
||||||
|
iptables -F fwd_smtp
|
||||||
iptables -A fwd_smtp --source ${config.site.net.serv.subnet4} -j RETURN
|
iptables -A fwd_smtp --source ${config.site.net.serv.subnet4} -j RETURN
|
||||||
iptables -A fwd_smtp -j REJECT
|
iptables -A fwd_smtp -j REJECT
|
||||||
iptables -I FORWARD -p tcp --dport 25 -j fwd_smtp
|
iptables -I FORWARD -p tcp --dport 25 -j fwd_smtp
|
||||||
|
|
||||||
ip6tables -N fwd_smtp
|
ip6tables -N fwd_smtp \\
|
||||||
|
ip6tables -F fwd_smtp
|
||||||
${lib.concatMapStrings (subnet6: ''
|
${lib.concatMapStrings (subnet6: ''
|
||||||
ip6tables -A fwd_smtp --source ${subnet6} -j RETURN
|
ip6tables -A fwd_smtp --source ${subnet6} -j RETURN
|
||||||
ip6tables -A fwd_smtp --dest ${subnet6} -j RETURN
|
ip6tables -A fwd_smtp --dest ${subnet6} -j RETURN
|
||||||
|
|
Loading…
Reference in New Issue
Block a user