nixos-module/container/upstream: catch preexisting iptables chains

Astro 2022-08-29 19:46:48 +02:00
parent c5f57bd8c1
commit 09e4beb737
1 changed files with 4 additions and 2 deletions


@ -61,12 +61,14 @@ in
externalIP = staticIpv4Address;
extraCommands = ''
# Prohibit SMTP except for servers
iptables -N fwd_smtp
iptables -N fwd_smtp || \
iptables -F fwd_smtp
iptables -A fwd_smtp --source ${config.site.net.serv.subnet4} -j RETURN
iptables -A fwd_smtp -j REJECT
iptables -I FORWARD -p tcp --dport 25 -j fwd_smtp
ip6tables -N fwd_smtp
ip6tables -N fwd_smtp \\
ip6tables -F fwd_smtp
${lib.concatMapStrings (subnet6: ''
ip6tables -A fwd_smtp --source ${subnet6} -j RETURN
ip6tables -A fwd_smtp --dest ${subnet6} -j RETURN