diff options
| author | Bob van der Linden <bobvanderlinden@gmail.com> | 2018-09-15 15:08:18 +0200 |
|---|---|---|
| committer | Bob van der Linden <bobvanderlinden@gmail.com> | 2018-09-15 23:10:24 +0200 |
| commit | d3eff01076dad707e5cda1be2e3bd6dfab596005 (patch) | |
| tree | 33135da5c858b2dda1979f7d0d124d14e750b964 /nixos/modules/services/networking | |
| parent | 20393278797514a9bb8d15a0ea52d57545079d4a (diff) | |
| download | nixlib-d3eff01076dad707e5cda1be2e3bd6dfab596005.tar nixlib-d3eff01076dad707e5cda1be2e3bd6dfab596005.tar.gz nixlib-d3eff01076dad707e5cda1be2e3bd6dfab596005.tar.bz2 nixlib-d3eff01076dad707e5cda1be2e3bd6dfab596005.tar.lz nixlib-d3eff01076dad707e5cda1be2e3bd6dfab596005.tar.xz nixlib-d3eff01076dad707e5cda1be2e3bd6dfab596005.tar.zst nixlib-d3eff01076dad707e5cda1be2e3bd6dfab596005.zip | |
nixos: miniupnpd: use iptables scripts
Diffstat (limited to 'nixos/modules/services/networking')
| -rw-r--r-- | nixos/modules/services/networking/miniupnpd.nix | 24 |
1 files changed, 2 insertions, 22 deletions
diff --git a/nixos/modules/services/networking/miniupnpd.nix b/nixos/modules/services/networking/miniupnpd.nix index 19400edb68f9..ab714a6ac75e 100644 --- a/nixos/modules/services/networking/miniupnpd.nix +++ b/nixos/modules/services/networking/miniupnpd.nix @@ -57,32 +57,12 @@ in }; config = mkIf cfg.enable { - # from miniupnpd/netfilter/iptables_init.sh networking.firewall.extraCommands = '' - iptables -t nat -N MINIUPNPD - iptables -t nat -A PREROUTING -i ${cfg.externalInterface} -j MINIUPNPD - iptables -t mangle -N MINIUPNPD - iptables -t mangle -A PREROUTING -i ${cfg.externalInterface} -j MINIUPNPD - iptables -t filter -N MINIUPNPD - iptables -t filter -A FORWARD -i ${cfg.externalInterface} ! -o ${cfg.externalInterface} -j MINIUPNPD - iptables -t nat -N MINIUPNPD-PCP-PEER - iptables -t nat -A POSTROUTING -o ${cfg.externalInterface} -j MINIUPNPD-PCP-PEER + ${pkgs.bash}/bin/bash -x ${pkgs.miniupnpd}/etc/miniupnpd/iptables_init.sh -i ${cfg.externalInterface} ''; - # from miniupnpd/netfilter/iptables_removeall.sh networking.firewall.extraStopCommands = '' - iptables -t nat -F MINIUPNPD - iptables -t nat -D PREROUTING -i ${cfg.externalInterface} -j MINIUPNPD - iptables -t nat -X MINIUPNPD - iptables -t mangle -F MINIUPNPD - iptables -t mangle -D PREROUTING -i ${cfg.externalInterface} -j MINIUPNPD - iptables -t mangle -X MINIUPNPD - iptables -t filter -F MINIUPNPD - iptables -t filter -D FORWARD -i ${cfg.externalInterface} ! -o ${cfg.externalInterface} -j MINIUPNPD - iptables -t filter -X MINIUPNPD - iptables -t nat -F MINIUPNPD-PCP-PEER - iptables -t nat -D POSTROUTING -o ${cfg.externalInterface} -j MINIUPNPD-PCP-PEER - iptables -t nat -X MINIUPNPD-PCP-PEER + ${pkgs.bash}/bin/bash -x ${pkgs.miniupnpd}/etc/miniupnpd/iptables_removeall.sh -i ${cfg.externalInterface} ''; systemd.services.miniupnpd = { |