add (very basic) set support in firewallgen

and add sets for lan/wan/dmz/guest interface names to default firewall rules
2025-02-03 20:46:22 +00:00
parent 8cf602da91
commit 1d780de0f1
3 changed files with 55 additions and 2 deletions
--- a/pkgs/firewallgen/test-rules-min.nix
+++ b/pkgs/firewallgen/test-rules-min.nix
@@ -121,4 +121,23 @@ let
  };
 in {
  inherit input-ip6 forward-ip6 bogons-ip6 incoming-allowed-ip6;
+  lan-set-ip = {
+    kind = "set";
+    family = "ip";
+    type = "ifname";
+    elements = [
+      "eth0" "eth1"
+    ];
+
+  };
+  # honours timeout flags gc-interval size policy counter auto-merge
+  lan-set-ip6 = {
+    kind = "set";
+    family = "ip6";
+    type = "ifname";
+    elements = [
+      "eth0" "eth1"
+    ];
+
+  };
 }