WIP add zones to firewall module
- zones are an attrset of name -> [interface-service]
- the firewall will create empty "ifname" sets for each zone name in each address family (ip, ip6)
- then watch the interface services, and add the "ifname" outputs to the corresponding sets when they appear

This commit only adds the empty sets.
@@ -3,13 +3,6 @@ let
|
||||
accept = expr : "${expr} accept";
|
||||
mcast-scope = 8;
|
||||
allow-incoming = false;
|
||||
|
||||
ifname-set = family : name : ifnames : {
|
||||
kind = "set";
|
||||
inherit family name;
|
||||
type = "ifname";
|
||||
elements = ifnames;
|
||||
};
|
||||
in {
|
||||
bogons-ip6 = {
|
||||
type = "filter";
|
||||
@@ -248,13 +241,4 @@ in {
|
||||
];
|
||||
};
|
||||
|
||||
lan-set-ip = ifname-set "ip" "lan" [ "int" ];
|
||||
wan-set-ip = ifname-set "ip" "wan" [ "ppp0" ];
|
||||
dmz-set-ip = ifname-set "ip" "dmz" [ ];
|
||||
guest-set-ip = ifname-set "ip" "guest" [ ];
|
||||
|
||||
lan-set-ip6 = ifname-set "ip6" "lan" [ "int" ];
|
||||
wan-set-ip6 = ifname-set "ip6" "wan" [ "ppp0" ];
|
||||
dmz-set-ip6 = ifname-set "ip6" "dmz" [ ];
|
||||
guest-set-ip6 = ifname-set "ip6" "guest" [ ];
|
||||
}
|
||||
|