nixos-nftables-firewall
A zone-based firewall built on top of nftables for NixOS
I'd like to add to the wishlist :slightly_smiling_face: e.g. 1. redirect a destination port to a different port on localhost 2. redirect a destination port to a different host on...
Looks very promising! But I'm new to NixOS and also to nftables, so I'm having a hard time putting it to use. In my case, I would appreciate an example...
Hi, Thanks for this great project. One thing that I am missing is the ability to enable flow offloading for given interface https://wiki.nftables.org/wiki-nftables/index.php/Flowtables. Example nftables configuration with offloading enabled: ```...
I'm trying the zoned nixos-nftables-firewall for the first time & love the ways it lets me express stuff! Unfortunately, I'm running into the same issue as was fixed in NixOS/nixpkgs#121517:...
I'd love to set up counters on some rules that I need some insight into (how many DNS requests from egress-permitted subnets made to this machine, etc); I think...
Thank you for the well-structured module! Today I discovered that the nixos-firewall snippet ignores port ranges. This PR should fix this.
This fixes #8. I sadly hadn't made a pull request for this change when I reported it, even though I'd made the code change. Hope this is reasonable to include...
I just had an issue where rules are skipped, as if their referenced zones were nonexistent (I thought that results in an error these days?): The following resulted in the...
https://github.com/thelegy/nixos-nftables-firewall/blob/2c5a19966b4dfc5ca92df7eb250c68f90be653c8/modules/snippets/nnf-ssh.nix#L18 This `early` arg surprised me, and after looking through the code I do not see any definition or usage of this flag (except for here in the ssh snippet)....
I'd like to define some [Sets](https://wiki.nftables.org/wiki-nftables/index.php/Sets) in the firewall table, but currently there doesn't seem to be a way to insert lines outside the chain blocks: https://github.com/thelegy/nixos-nftables-firewall/blob/2c5a19966b4dfc5ca92df7eb250c68f90be653c8/modules/chains.nix#L171-L176 This would let...