network/nix/nixos-module/firewall.nix


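{ hostName, config, lib, ... }:

# Forwarding policy for traffic entering on the `core` interface: replies to
# established/related flows are accepted, everything else is rejected with an
# ICMP "unreachable" so the sender fails fast instead of timing out.
lib.mkIf config.site.hosts.${hostName}.firewall.enable {
  networking.firewall = {
    enable = true;

    extraCommands = ''
      # Delete first so a reload/restart does not append duplicate copies of
      # each rule; `-D` of a rule that is not present fails and is ignored.
      ip46tables -D FORWARD -i core -m state --state ESTABLISHED,RELATED -j ACCEPT 2>/dev/null || true
      ip46tables -A FORWARD -i core -m state --state ESTABLISHED,RELATED -j ACCEPT

      # The reject type is per address family: `net-unreach` is an iptables
      # (IPv4) name that ip6tables does not accept, so issuing it through
      # ip46tables fails on the IPv6 half and leaves IPv6 forwarding from
      # `core` governed by the chain's default policy only (or aborts the
      # start script, depending on its error handling). Install each family's
      # rule with its own tool and reject type instead.
      iptables  -w -D FORWARD -i core -j REJECT --reject-with icmp-net-unreachable 2>/dev/null || true
      iptables  -w -A FORWARD -i core -j REJECT --reject-with icmp-net-unreachable
      ip6tables -w -D FORWARD -i core -j REJECT --reject-with icmp6-no-route 2>/dev/null || true
      ip6tables -w -A FORWARD -i core -j REJECT --reject-with icmp6-no-route
    '';

    # Remove only the rules this module added. Flushing the whole FORWARD
    # chain (`-F FORWARD`) would also discard rules installed by other modules
    # or services that share the chain.
    extraStopCommands = ''
      ip46tables -D FORWARD -i core -m state --state ESTABLISHED,RELATED -j ACCEPT 2>/dev/null || true
      iptables  -w -D FORWARD -i core -j REJECT --reject-with icmp-net-unreachable 2>/dev/null || true
      ip6tables -w -D FORWARD -i core -j REJECT --reject-with icmp6-no-route 2>/dev/null || true
    '';
  };
}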