
Support sets in a table but outside a chain

Open Ramblurr opened this issue 9 months ago • 0 comments

I'd like to define some Sets in the firewall table, but currently there doesn't seem to be a way to insert lines outside the chain blocks:

https://github.com/thelegy/nixos-nftables-firewall/blob/2c5a19966b4dfc5ca92df7eb250c68f90be653c8/modules/chains.nix#L171-L176

This would let me use rules like:

```nix
example = {
  from = [ "vlan1" ];
  to = [ "local" ];
  extraLines = [
    ''meta l4proto { tcp, udp } th dport @some_service_port ip daddr @some_service counter return comment "allow access some service"''
  ];
};
```

with sets like:

```nft
set some_service_port {
  type inet_service
  elements = { 2001, 2002 }
}

set some_service {
  type ipv4_addr
  elements = { 10.0.0.10 }
}
```

Any interest in supporting this?

Ramblurr Feb 05 '25 16:02