Diffstat (limited to 'nixos/modules/services/networking/firewall.nix')
-rw-r--r-- | nixos/modules/services/networking/firewall.nix | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index aba64e4f60ff..4ea891262e56 100644 --- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -261,10 +261,14 @@ let fi ''; + canonicalizePortList = + ports: lib.unique (builtins.sort builtins.lessThan ports); + commonOptions = { allowedTCPPorts = mkOption { - type = types.listOf types.int; + type = types.listOf types.port; default = [ ]; + apply = canonicalizePortList; example = [ 22 80 ]; description = '' @@ -274,7 +278,7 @@ let }; allowedTCPPortRanges = mkOption { - type = types.listOf (types.attrsOf types.int); + type = types.listOf (types.attrsOf types.port); default = [ ]; example = [ { from = 8999; to = 9003; } ]; description = @@ -285,8 +289,9 @@ let }; allowedUDPPorts = mkOption { - type = types.listOf types.int; + type = types.listOf types.port; default = [ ]; + apply = canonicalizePortList; example = [ 53 ]; description = '' @@ -295,7 +300,7 @@ let }; allowedUDPPortRanges = mkOption { - type = types.listOf (types.attrsOf types.int); + type = types.listOf (types.attrsOf types.port); default = [ ]; example = [ { from = 60000; to = 61000; } ]; description = |
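Review bot: `canonicalizePortList` in the first hunk has no comment saying why the port lists are sorted and de-duplicated. The `apply` lines added to `allowedTCPPorts` here and to `allowedUDPPorts` in the third hunk also mean every reader of those options now sees the rewritten list rather than the declared one. A one-line comment above the binding would record the intent, e.g. `# Sort and de-duplicate so a port declared by several modules yields a single entry in a stable order.`; that reason is inferred, because the code that turns the list into firewall rules is outside the hunk. The option descriptions could also mention that duplicates are dropped. The `let` block and `commonOptions` both continue outside the hunk.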
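Review bot: `types.listOf (types.attrsOf types.port)` in the `allowedTCPPortRanges` hunk, and the identical line in the `allowedUDPPortRanges` hunk, bounds each value to a valid port number but still accepts arbitrary attribute names. A misspelled key such as `{ form = 8999; to = 9003; }` therefore passes the type check, and nothing rejects a range whose `from` is greater than its `to`. How the ranges are consumed is outside these hunks, so the outcome is inferred: most likely a late evaluation error or a rule that does not open what the administrator intended. A submodule with exactly `from` and `to` would reject unknown keys at evaluation time and stays compatible with existing definitions; the sub-options would need descriptions, and a `from <= to` assertion would belong alongside the module's other assertions. Both `mkOption` bodies continue past the end of their hunks.

```nix
allowedTCPPortRanges = mkOption {
  type = types.listOf (types.submodule {
    options = {
      from = mkOption { type = types.port; };
      to = mkOption { type = types.port; };
    };
  });
  # … unchanged: default, example, description …
```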