author | Ryan Trinkle <ryan.trinkle@gmail.com> | 2018-01-02 14:32:42 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-02 14:32:42 -0500 |
commit | f1a6fa6eec0541d4fbc3b61aedd97c6027922976 (patch) | |
tree | 6419e934d086d1063df3a00f23e3a325f8af5c29 | |
parent | 58f9fd64ef3bb13a554a91757ffd736886e196c8 (diff) | |
parent | ab2b3a5d0ab682388a39e267705e2f838199b179 (diff) | |
Merge pull request #32258 from ryantrinkle/add-nat-extraCommands
nat: add extraCommands option
-rw-r--r-- | nixos/modules/services/networking/nat.nix | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix index bfaf30c11783..df4246d216d8 100644 --- a/nixos/modules/services/networking/nat.nix +++ b/nixos/modules/services/networking/nat.nix @@ -19,6 +19,8 @@ let iptables -w -t nat -D POSTROUTING -j nixos-nat-post 2>/dev/null || true iptables -w -t nat -F nixos-nat-post 2>/dev/null || true iptables -w -t nat -X nixos-nat-post 2>/dev/null || true + + ${cfg.extraStopCommands} ''; setupNat = '' @@ -59,6 +61,8 @@ let --to-destination ${cfg.dmzHost} ''} + ${cfg.extraCommands} + # Append our chains to the nat tables iptables -w -t nat -A PREROUTING -j nixos-nat-pre iptables -w -t nat -A POSTROUTING -j nixos-nat-post @@ -170,6 +174,28 @@ in ''; }; + networking.nat.extraCommands = mkOption { + type = types.lines; + default = ""; + example = "iptables -A INPUT -p icmp -j ACCEPT"; + description = + '' + Additional shell commands executed as part of the nat + initialisation script. + ''; + }; + + networking.nat.extraStopCommands = mkOption { + type = types.lines; + default = ""; + example = "iptables -D INPUT -p icmp -j ACCEPT || true"; + description = + '' + Additional shell commands executed as part of the nat + teardown script. + ''; + }; + }; |
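Review bot: In the flushNat hunk, `${cfg.extraStopCommands}` is spliced in after three teardown lines that each end in `2>/dev/null || true`, but nothing makes the user-supplied text equally tolerant of a rule that is already gone. Whether the surrounding script runs with errexit is not visible here; if it does, a failing stop command would abort whatever follows flushNat and could leave the NAT rules half removed. I would state the requirement in the option description, e.g. `Commands must succeed when the rules they remove are absent (append "|| true").`, which the extraStopCommands example already follows. The flushNat string starts above the hunk.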
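Review bot: The placement of `${cfg.extraCommands}` in setupNat deserves a comment, because it is expanded verbatim into the script ahead of the lines that attach `nixos-nat-pre` and `nixos-nat-post` to PREROUTING and POSTROUTING. The text is not quoted or validated and presumably runs with the same privileges as the rest of the NAT setup, so anyone auditing the resulting ruleset needs to know that this option can change firewall state outside the nat table. A line such as `# User-supplied commands (networking.nat.extraCommands); run before the nixos-nat chains are attached` above the interpolation would make both the ordering and the trust boundary explicit. setupNat begins and ends outside the hunk.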
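Review bot: Both option examples call `iptables` without `-w`, while every iptables invocation visible in this module passes `-w` to wait for the xtables lock, so a copied example can fail when another process holds the lock. I would write `example = "iptables -w -A INPUT -p icmp -j ACCEPT";` and `example = "iptables -w -D INPUT -p icmp -j ACCEPT || true";`. The descriptions should also say that the commands are inserted unmodified into the setup and teardown scripts and that a rule added with `-A` in extraCommands needs a matching removal in extraStopCommands, otherwise repeated runs may accumulate duplicates. How often the setup script is re-run is not visible from this hunk, and the enclosing options set starts outside it.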