public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #57139 from delroth/firewall-dedup

Browse Source 
nixos/firewall: canonicalize ports lists
This commit is contained in:
Matthew Bauer 2019-03-25 22:15:17 -04:00 committed by GitHub
commit d468f4b27e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
nixos/modules/services/networking/firewall.nix
View File

@ -261,10 +261,14 @@ let
fi fi
''; '';
canonicalizePortList =
ports: lib.unique (builtins.sort builtins.lessThan ports);
commonOptions = { commonOptions = {
allowedTCPPorts = mkOption { allowedTCPPorts = mkOption {
type = types.listOf types.int; type = types.listOf types.port;
default = [ ]; default = [ ];
apply = canonicalizePortList;
example = [ 22 80 ]; example = [ 22 80 ];
description = description =
'' ''
@ -274,7 +278,7 @@ let
}; };
allowedTCPPortRanges = mkOption { allowedTCPPortRanges = mkOption {
type = types.listOf (types.attrsOf types.int); type = types.listOf (types.attrsOf types.port);
default = [ ]; default = [ ];
example = [ { from = 8999; to = 9003; } ]; example = [ { from = 8999; to = 9003; } ];
description = description =
@ -285,8 +289,9 @@ let
}; };
allowedUDPPorts = mkOption { allowedUDPPorts = mkOption {
type = types.listOf types.int; type = types.listOf types.port;
default = [ ]; default = [ ];
apply = canonicalizePortList;
example = [ 53 ]; example = [ 53 ];
description = description =
'' ''
@ -295,7 +300,7 @@ let
}; };
allowedUDPPortRanges = mkOption { allowedUDPPortRanges = mkOption {
type = types.listOf (types.attrsOf types.int); type = types.listOf (types.attrsOf types.port);
default = [ ]; default = [ ];
example = [ { from = 60000; to = 61000; } ]; example = [ { from = 60000; to = 61000; } ];
description = description =