From ab2b3a5d0ab682388a39e267705e2f838199b179 Mon Sep 17 00:00:00 2001
From: Ryan Trinkle
Date: Wed, 6 Dec 2017 11:17:38 -0500
Subject: [PATCH] nat: add extraCommands and extraStopCommands options
---
 nixos/modules/services/networking/nat.nix | 26 +++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix
index bfaf30c11783..df4246d216d8 100644
--- a/nixos/modules/services/networking/nat.nix
+++ b/nixos/modules/services/networking/nat.nix
@@ -19,6 +19,8 @@ let
 iptables -w -t nat -D POSTROUTING -j nixos-nat-post 2>/dev/null || true
 iptables -w -t nat -F nixos-nat-post 2>/dev/null || true
 iptables -w -t nat -X nixos-nat-post 2>/dev/null || true
+
+ ${cfg.extraStopCommands}
 '';
 setupNat = ''
@@ -59,6 +61,8 @@ let
 --to-destination ${cfg.dmzHost}
 ''}
+ ${cfg.extraCommands}
+
 # Append our chains to the nat tables
 iptables -w -t nat -A PREROUTING -j nixos-nat-pre
 iptables -w -t nat -A POSTROUTING -j nixos-nat-post
@@ -170,6 +174,28 @@ in
 '';
 };
+ networking.nat.extraCommands = mkOption {
+ type = types.lines;
+ default = "";
+ example = "iptables -A INPUT -p icmp -j ACCEPT";
+ description =
+ ''
+ Additional shell commands executed as part of the nat
+ initialisation script.
+ '';
+ };
+
+ networking.nat.extraStopCommands = mkOption {
+ type = types.lines;
+ default = "";
+ example = "iptables -D INPUT -p icmp -j ACCEPT || true";
+ description =
+ ''
+ Additional shell commands executed as part of the nat
+ teardown script.
+ '';
+ };
+
 };
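Review bot: In the `@@ -19,6 +19,8 @@` hunk, `${cfg.extraStopCommands}` is spliced into the teardown string without the `2>/dev/null || true` tolerance that each of the three built-in lines above it carries. A user command that fails, for example deleting a rule that is not present, can therefore make the teardown return non-zero or stop early, depending on how the script is invoked, which this hunk does not show. A comment above the splice would state the contract: `# User-supplied teardown: must be idempotent and tolerate rules that are already gone (append "|| true").` The teardown string starts outside the hunk.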
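Review bot: In the `@@ -59,6 +61,8 @@` hunk, `${cfg.extraCommands}` runs before the two lines that attach `nixos-nat-pre` and `nixos-nat-post` to PREROUTING and POSTROUTING. If the script runs with errexit (not visible here), one failing user command would leave the module's chains built but never hooked in. Either place the splice after the two `-A` lines so the module's own rules are always attached, or document the ordering with `# Runs before our chains are attached; a failing command here may skip the attach step below.` setupNat begins and ends outside the hunk.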
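Review bot: In the `@@ -170,6 +174,28 @@` hunk, neither description says that the text is interpolated verbatim into the scripts that rewrite the firewall, which presumably run as root. They also do not mention that the built-in teardown visible in this patch only removes the `nixos-nat-*` chains. The example `iptables -A INPUT -p icmp -j ACCEPT` appends to a chain the module does not flush, so a restart would likely add a duplicate unless the matching extraStopCommands entry is set. It also omits the `-w` lock wait that every iptables call visible in this patch uses. Suggested examples are `example = "iptables -w -A INPUT -p icmp -j ACCEPT";` and `example = "iptables -w -D INPUT -p icmp -j ACCEPT || true";`, with a sentence in each description saying the commands must be idempotent and that extraStopCommands should undo what extraCommands adds.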