JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nixos/nat: add dmzHost option (#32257)

Browse Source
This commit is contained in:
Ryan Trinkle 2017-12-04 04:21:58 -05:00 committed by zimbatm
parent 13797ff522
commit 4f8a65a163
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
nixos/modules/services/networking/nat.nix
View File

@ -53,6 +53,12 @@ let
-j DNAT --to-destination ${fwd.destination} -j DNAT --to-destination ${fwd.destination}
'') cfg.forwardPorts} '') cfg.forwardPorts}
${optionalString (cfg.dmzHost != null) ''
iptables -w -t nat -A nixos-nat-pre \
-i ${cfg.externalInterface} -j DNAT \
--to-destination ${cfg.dmzHost}
''}
# Append our chains to the nat tables # Append our chains to the nat tables
iptables -w -t nat -A PREROUTING -j nixos-nat-pre iptables -w -t nat -A PREROUTING -j nixos-nat-pre
iptables -w -t nat -A POSTROUTING -j nixos-nat-post iptables -w -t nat -A POSTROUTING -j nixos-nat-post
@ -153,6 +159,17 @@ in
''; '';
}; };
networking.nat.dmzHost = mkOption {
type = types.nullOr types.str;
default = null;
example = "10.0.0.1";
description =
''
The local IP address to which all traffic that does not match any
forwarding rule is forwarded.
'';
};
}; };