1 { pkgs, lib, config, ... }:
3 inherit (builtins) hasAttr readFile;
4 inherit (pkgs.lib) unlinesAttrs;
5 inherit (config.services) shorewall shorewall6;
24 #HTTPS(ACCEPT) net $FW
48 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
49 # PORT(S) PORT(S) LIMIT GROUP
54 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
55 # PORT(S) PORT(S) LIMIT GROUP
56 PARAM - - udp 60000-61000
61 services.shorewall = {
65 ${readFile "${shorewall.package}/etc-example/shorewall/shorewall.conf"}
73 # DOC: shorewall-zones(5)
80 # DOC: shorewall-interfaces(5)
82 net enp1s0 arp_filter,nosmurfs,routefilter=1,tcpflags
83 lan enp2s0 arp_filter,nosmurfs,routefilter=1,tcpflags
84 unused enp3s0 arp_filter,nosmurfs,routefilter=1,tcpflags
87 # DOC: shorewall-policy(5)
92 # WARNING: the following policy must be last
96 # DOC: shorewall-rules(5)
110 services.shorewall6 = {
112 configs = macros // {
113 "shorewall6.conf" = ''
114 ${readFile "${shorewall6.package}/etc-example/shorewall6/shorewall6.conf"}
122 # DOC: shorewall-zones(5)
129 # DOC: shorewall-interfaces(5)
131 net enp1s0 nosmurfs,tcpflags
132 lan enp2s0 nosmurfs,tcpflags
133 unused enp3s0 nosmurfs,tcpflags
136 # DOC: shorewall-policy(5)
141 # WARNING: the following policy must be last
145 # DOC: shorewall-rules(5)