# Module function taking pkgs, lib and config; the visible parts of this
# listing configure services.shorewall (IPv4) and services.shorewall6 (IPv6).
1 { pkgs, lib, config, ... }:
# readFile is used further down to pull the packaged example *.conf files
# into the generated configuration at evaluation time.
3 inherit (builtins) hasAttr readFile;
4 inherit (pkgs.lib) unlinesAttrs;
# Bring both service option sets into scope so that shorewall.package and
# shorewall6.package can be referenced when building the config files.
5 inherit (config.services) shorewall shorewall6;
24 #HTTPS(ACCEPT) net $FW
46 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
47 # PORT(S) PORT(S) LIMIT GROUP
# IPv4 firewall. The base shorewall.conf is not written out here: it is read
# from the example file shipped inside shorewall.package (readFile below), so
# its default settings follow whatever package version is selected.
# NOTE(review): any local overrides of that file are not visible in this
# listing; re-check the effective settings after a package update.
54 services.shorewall = {
58 ${readFile "${shorewall.package}/etc-example/shorewall/shorewall.conf"}
66 # DOC: shorewall-zones(5)
73 # DOC: shorewall-interfaces(5)
75 net enp1s0 arp_filter,nosmurfs,routefilter=1,tcpflags
76 lan enp2s0 arp_filter,nosmurfs,routefilter=1,tcpflags,dhcp
77 unused enp3s0 arp_filter,nosmurfs,routefilter=1,tcpflags
80 # DOC: shorewall-policy(5)
85 # WARNING: the following policy must be last
89 # DOC: shorewall-rules(5)
# IPv6 firewall, built the same way as the IPv4 one: the packaged example
# shorewall6.conf is read from shorewall6.package and used as the base file.
# NOTE(review): the IPv6 interface entries in this listing carry only
# nosmurfs,tcpflags, while the IPv4 entries also set arp_filter and
# routefilter=1. Those two look IPv4-specific, so check whether an IPv6
# reverse-path check (e.g. the rpfilter interface option) is wanted here.
# Confirm against the installed Shorewall version.
103 services.shorewall6 = {
# `//` merges attribute sets with the right-hand side winning on a key
# collision, so the files defined here replace same-named entries in macros
# (macros is defined outside this listing).
105 configs = macros // {
106 "shorewall6.conf" = ''
107 ${readFile "${shorewall6.package}/etc-example/shorewall6/shorewall6.conf"}
115 # DOC: shorewall-zones(5)
122 # DOC: shorewall-interfaces(5)
124 net enp1s0 nosmurfs,tcpflags
125 lan enp2s0 nosmurfs,tcpflags
126 unused enp3s0 nosmurfs,tcpflags
129 # DOC: shorewall-policy(5)
134 # WARNING: the following policy must be last
138 # DOC: shorewall-rules(5)