* Add an option to enable the firewall. It should eventually be enabled by default.

svn path=/nixos/branches/modular-nixos/; revision=16464
Eelco Dolstra 2009-07-26 21:27:35 +00:00
parent 264b49fce7
commit f0f5434eaa
3 changed files with 20 additions and 8 deletions


@ -53,6 +53,7 @@
./services/networking/dhclient.nix ./services/networking/dhclient.nix
./services/networking/dhcpd.nix ./services/networking/dhcpd.nix
./services/networking/ejabberd.nix ./services/networking/ejabberd.nix
./services/networking/firewall.nix
./services/networking/gnunet.nix ./services/networking/gnunet.nix
./services/networking/gw6c.nix ./services/networking/gw6c.nix
./services/networking/ifplugd.nix ./services/networking/ifplugd.nix
@ -81,9 +82,9 @@
./services/x11/xserver/default.nix ./services/x11/xserver/default.nix
./services/x11/xserver/desktop-managers/default.nix ./services/x11/xserver/desktop-managers/default.nix
./services/x11/xserver/desktop-managers/gnome.nix ./services/x11/xserver/desktop-managers/gnome.nix
./services/x11/xserver/desktop-managers/kde4.nix
./services/x11/xserver/desktop-managers/kde-environment.nix ./services/x11/xserver/desktop-managers/kde-environment.nix
./services/x11/xserver/desktop-managers/kde.nix ./services/x11/xserver/desktop-managers/kde.nix
./services/x11/xserver/desktop-managers/kde4.nix
./services/x11/xserver/desktop-managers/none.nix ./services/x11/xserver/desktop-managers/none.nix
./services/x11/xserver/desktop-managers/xterm.nix ./services/x11/xserver/desktop-managers/xterm.nix
./services/x11/xserver/display-managers/default.nix ./services/x11/xserver/display-managers/default.nix
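Review bot: The relocation of `./services/x11/xserver/desktop-managers/kde4.nix` in the second hunk is unrelated to the firewall option this commit introduces and is not mentioned in the commit message; it would be easier to bisect as a separate commit, or at least noted in the message. The new `./services/networking/firewall.nix` entry itself follows the alphabetical ordering of the surrounding lines.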


@ -12,6 +12,14 @@ in
options = { options = {
networking.firewall.enable = pkgs.lib.mkOption {
default = false;
description =
''
Whether to enable the firewall.
'';
};
networking.firewall.allowedTCPPorts = pkgs.lib.mkOption { networking.firewall.allowedTCPPorts = pkgs.lib.mkOption {
default = []; default = [];
example = [22 80]; example = [22 80];
@ -27,14 +35,21 @@ in
###### implementation ###### implementation
config = { # !!! Maybe if `enable' is false, the firewall should still be built
# but not started by default. However, currently nixos-rebuild
# doesn't deal with such Upstart jobs properly (it starts them if
# they are changed, regardless of whether the start condition
# holds).
config = pkgs.lib.mkIf config.networking.firewall.enable {
environment.systemPackages = [pkgs.iptables]; environment.systemPackages = [pkgs.iptables];
jobs = pkgs.lib.singleton jobs = pkgs.lib.singleton
{ name = "firewall"; { name = "firewall";
startOn = "network-interfaces/started";
preStart = preStart =
'' ''
${iptables} -F ${iptables} -F
@ -63,8 +78,6 @@ in
''; '';
}; };
networking.firewall.allowedTCPPorts = [22];
}; };
} }
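Review bot: The job now declares `startOn = "network-interfaces/started"`, so the rules set up in `preStart` are installed only after the interfaces are already up; unless the chain policies are switched to DROP before that point (the remainder of `preStart` after `${iptables} -F` is outside the hunk), there is presumably a boot-time window in which inbound traffic is accepted, and the flush at the top of `preStart` reopens that window on every restart. Starting the job before the interfaces come up, or at least documenting the window next to `startOn`, would make the intended guarantee explicit. The description of `networking.firewall.enable` could also state what the `mkIf` in the implementation implies, e.g. `Whether to enable the firewall. Disabled by default; the other networking.firewall.* options only take effect when this is set.`. The `config` attribute set and the `jobs` entry continue past the end of the hunk.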


@ -131,9 +131,7 @@ in
exec = "${openssh}/sbin/sshd -D -h /etc/ssh/ssh_host_dsa_key -f ${sshdConfig}"; exec = "${openssh}/sbin/sshd -D -h /etc/ssh/ssh_host_dsa_key -f ${sshdConfig}";
}; };
# !!! This barfs because of the mkIf ("value is a list while an networking.firewall.allowedTCPPorts = [22];
#attribute set was expected") :-(
#networking.firewall.allowedTCPPorts = [22];
}; };
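Review bot: `networking.firewall.allowedTCPPorts = [22];` hard-codes the port even though the daemon is started with `-f ${sshdConfig}`, so if the listening port is configurable through that file the firewall will open 22 rather than the port sshd actually uses; deriving the value from whatever option feeds the port into `${sshdConfig}`, if one exists, would keep the two in step. Whether this assignment is itself guarded by the sshd module's enable option cannot be seen from the hunk; if it is not, the firewall hole is opened whenever the module is imported. A short comment would help future readers, e.g. `# Let the firewall accept the SSH port; only has an effect when networking.firewall.enable is set.`. The enclosing attribute set begins before the hunk.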