public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #57139 from delroth/firewall-dedup

Browse Source 
nixos/firewall: canonicalize ports lists
This commit is contained in:
Matthew Bauer
2019-03-25 22:15:17 -04:00
committed by GitHub
parent b332d66ce4 18bc8203a1
commit d468f4b27e
1 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
nixos/modules/services/networking/firewall.nix
View File

@@ -261,10 +261,14 @@ let
fi
'';
canonicalizePortList =
ports: lib.unique (builtins.sort builtins.lessThan ports);
commonOptions = {
allowedTCPPorts = mkOption {
type = types.listOf types.int;
type = types.listOf types.port;
default = [ ];
apply = canonicalizePortList;
example = [ 22 80 ];
description =
''
@@ -274,7 +278,7 @@ let
};
allowedTCPPortRanges = mkOption {
type = types.listOf (types.attrsOf types.int);
type = types.listOf (types.attrsOf types.port);
default = [ ];
example = [ { from = 8999; to = 9003; } ];
description =
@@ -285,8 +289,9 @@ let
};
allowedUDPPorts = mkOption {
type = types.listOf types.int;
type = types.listOf types.port;
default = [ ];
apply = canonicalizePortList;
example = [ 53 ];
description =
''
@@ -295,7 +300,7 @@ let
};
allowedUDPPortRanges = mkOption {
type = types.listOf (types.attrsOf types.int);
type = types.listOf (types.attrsOf types.port);
default = [ ];
example = [ { from = 60000; to = 61000; } ];
description =