nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-25 08:23:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #68459 from volth/patch-364

Browse Source 
nixos/nat: create nixos-nat-{pre,post,out} in ip6tables too
This commit is contained in:
Andreas Rammhold 2019-12-12 15:55:51 +01:00 committed by GitHub
commit e8bb94fca9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
nixos/modules/services/networking/nat.nix
View File

@ -13,20 +13,24 @@ let
dest = if cfg.externalIP == null then "-j MASQUERADE" else "-j SNAT --to-source ${cfg.externalIP}";
flushNat = ''
iptables -w -t nat -D PREROUTING -j nixos-nat-pre 2>/dev/null|| true
iptables -w -t nat -F nixos-nat-pre 2>/dev/null || true
iptables -w -t nat -X nixos-nat-pre 2>/dev/null || true
iptables -w -t nat -D POSTROUTING -j nixos-nat-post 2>/dev/null || true
iptables -w -t nat -F nixos-nat-post 2>/dev/null || true
iptables -w -t nat -X nixos-nat-post 2>/dev/null || true
ip46tables -w -t nat -D PREROUTING -j nixos-nat-pre 2>/dev/null|| true
ip46tables -w -t nat -F nixos-nat-pre 2>/dev/null || true
ip46tables -w -t nat -X nixos-nat-pre 2>/dev/null || true
ip46tables -w -t nat -D POSTROUTING -j nixos-nat-post 2>/dev/null || true
ip46tables -w -t nat -F nixos-nat-post 2>/dev/null || true
ip46tables -w -t nat -X nixos-nat-post 2>/dev/null || true
ip46tables -w -t nat -D OUTPUT -j nixos-nat-out 2>/dev/null || true
ip46tables -w -t nat -F nixos-nat-out 2>/dev/null || true
ip46tables -w -t nat -X nixos-nat-out 2>/dev/null || true
${cfg.extraStopCommands}
'';
setupNat = ''
# Create subchain where we store rules
iptables -w -t nat -N nixos-nat-pre
iptables -w -t nat -N nixos-nat-post
ip46tables -w -t nat -N nixos-nat-pre
ip46tables -w -t nat -N nixos-nat-post
ip46tables -w -t nat -N nixos-nat-out
# We can't match on incoming interface in POSTROUTING, so
# mark packets coming from the internal interfaces.
@ -88,8 +92,9 @@ let
${cfg.extraCommands}
# Append our chains to the nat tables
iptables -w -t nat -A PREROUTING -j nixos-nat-pre
iptables -w -t nat -A POSTROUTING -j nixos-nat-post
ip46tables -w -t nat -A PREROUTING -j nixos-nat-pre
ip46tables -w -t nat -A POSTROUTING -j nixos-nat-post
ip46tables -w -t nat -A OUTPUT -j nixos-nat-out
'';
in