# Shorewall (IPv4) and Shorewall6 (IPv6) firewall configuration.
# This listing is an excerpt: the gutter numbers skip, so lines are elided.
# Visible rule fragments further down:
#   - outbound DNS, HKP and IRCS ($FW -> net) are each tied to one local
#     account through the USER column ({user=...}), so only that account
#     may open those connections;
#   - inbound SSH (net -> $FW) carries rate=s:1/min:10, a per-source-address
#     limit of 1 connection per minute with a burst of 10.
# Function over an argument set; `...` accepts extra arguments that go unused.
1 { pkgs, lib, config, ... }:
# readFile is used below to load the packaged example *.conf files;
# hasAttr is not used in the lines shown.
3 inherit (builtins) hasAttr readFile;
# unlinesAttrs is not used in the lines shown.
# NOTE(review): presumably a project-local addition to pkgs.lib; confirm.
4 inherit (pkgs.lib) unlinesAttrs;
# `users` supplies the account names interpolated into the USER column of
# the rules (users.users.<account>.name).
5 inherit (config) users;
# Both service configurations are in scope so `<service>.package` can be
# referenced when reading the example configuration files.
6 inherit (config.services) shorewall shorewall6;
12 DNS(ACCEPT) $FW net {user=${users.users.unbound.name}}
14 HKP(ACCEPT) $FW net {user=${users.users.julm.name}}
17 IRCS(ACCEPT) $FW net {user=${users.users.julm.name}}
35 SSH(ACCEPT) net $FW {rate=s:1/min:10}
41 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
42 # PORT(S) PORT(S) LIMIT GROUP
47 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
48 # PORT(S) PORT(S) LIMIT GROUP
53 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
54 # PORT(S) PORT(S) LIMIT GROUP
55 PARAM - - udp 60000-61000
# IPv4 firewall (Shorewall).
# shorewall.conf is seeded with the example file shipped inside
# ${shorewall.package}, so the baseline settings follow whatever package
# version is installed; re-check the effective configuration after a
# package upgrade.
# NOTE(review): any overrides presumably follow in elided lines; confirm.
# The single interface visible here, enp1s0 in zone `net`, enables
# arp_filter, nosmurfs, routefilter=1 (reverse-path filtering) and tcpflags.
# The policy section warns that its final entry must stay last; policies
# match in order, so a catch-all placed earlier would shadow later entries.
60 services.shorewall = {
64 ${readFile "${shorewall.package}/etc-example/shorewall/shorewall.conf"}
72 # DOC: shorewall-zones(5)
77 # DOC: shorewall-interfaces(5)
79 net enp1s0 arp_filter,nosmurfs,routefilter=1,tcpflags
82 # DOC: shorewall-policy(5)
85 # WARNING: the following policy must be last
89 # DOC: shorewall-rules(5)
# IPv6 firewall (Shorewall6).
# `configs` is `macros` (defined outside the lines shown) merged with the
# files declared here; with `//` the right-hand attribute set wins on a
# name clash, so a file declared here replaces a macro of the same name.
# shorewall6.conf is seeded with the example file shipped inside
# ${shorewall6.package}; re-check the effective settings after a package
# upgrade.
# NOTE(review): the IPv6 interface line sets only nosmurfs,tcpflags.
# arp_filter and routefilter are IPv4-only options, so the IPv4 line's
# reverse-path check has no counterpart here; shorewall-interfaces(5)
# documents `rpfilter` as the option usable with IPv6. Confirm whether its
# absence is intentional.
100 services.shorewall6 = {
102 configs = macros // {
103 "shorewall6.conf" = ''
104 ${readFile "${shorewall6.package}/etc-example/shorewall6/shorewall6.conf"}
112 # DOC: shorewall-zones(5)
117 # DOC: shorewall-interfaces(5)
119 net enp1s0 nosmurfs,tcpflags
122 # DOC: shorewall-policy(5)
125 # WARNING: the following policy must be last
129 # DOC: shorewall-rules(5)