diff options
| author | Ryan Trinkle <ryan.trinkle@gmail.com> | 2017-12-04 04:21:58 -0500 |
|---|---|---|
| committer | zimbatm <zimbatm@zimbatm.com> | 2017-12-04 09:21:58 +0000 |
| commit | 4f8a65a163e688aeb26e6739c993418a375f07e4 (patch) | |
| tree | aee8f950e3641b3594d4f90417489482c7f88fee /nixos/modules | |
| parent | 13797ff5224817abcb05926de842eb4e0fb41382 (diff) | |
| download | nixlib-4f8a65a163e688aeb26e6739c993418a375f07e4.tar nixlib-4f8a65a163e688aeb26e6739c993418a375f07e4.tar.gz nixlib-4f8a65a163e688aeb26e6739c993418a375f07e4.tar.bz2 nixlib-4f8a65a163e688aeb26e6739c993418a375f07e4.tar.lz nixlib-4f8a65a163e688aeb26e6739c993418a375f07e4.tar.xz nixlib-4f8a65a163e688aeb26e6739c993418a375f07e4.tar.zst nixlib-4f8a65a163e688aeb26e6739c993418a375f07e4.zip | |
nixos/nat: add dmzHost option (#32257)
Diffstat (limited to 'nixos/modules')
| -rw-r--r-- | nixos/modules/services/networking/nat.nix | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix index 366bb2ed7a80..9b04cf557fa4 100644 --- a/nixos/modules/services/networking/nat.nix +++ b/nixos/modules/services/networking/nat.nix @@ -53,6 +53,12 @@ let -j DNAT --to-destination ${fwd.destination} '') cfg.forwardPorts} + ${optionalString (cfg.dmzHost != null) '' + iptables -w -t nat -A nixos-nat-pre \ + -i ${cfg.externalInterface} -j DNAT \ + --to-destination ${cfg.dmzHost} + ''} + # Append our chains to the nat tables iptables -w -t nat -A PREROUTING -j nixos-nat-pre iptables -w -t nat -A POSTROUTING -j nixos-nat-post @@ -153,6 +159,17 @@ in ''; }; + networking.nat.dmzHost = mkOption { + type = types.nullOr types.str; + default = null; + example = "10.0.0.1"; + description = + '' + The local IP address to which all traffic that does not match any + forwarding rule is forwarded. + ''; + }; + }; |