BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

nixos/fail2ban: support nftables with default configuration

Browse source
This commit is contained in:
Naïm Favier 2023-01-04 14:40:10 +01:00
parent 35e88e278b
commit 88a7218236
No known key found for this signature in database
GPG key ID: 95AFCE8211908325
1 changed files with 9 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
nixos/modules/services/security/fail2ban.nix
View file

@ -62,11 +62,10 @@ in
};
packageFirewall = mkOption {
default = pkgs.iptables;
defaultText = literalExpression "pkgs.iptables";
default = config.networking.firewall.package;
defaultText = literalExpression "config.networking.firewall.package";
type = types.package;
example = literalExpression "pkgs.nftables";
description = lib.mdDoc "The firewall package used by fail2ban service.";
description = lib.mdDoc "The firewall package used by fail2ban service. Defaults to the package for your firewall (iptables or nftables).";
};
extraPackages = mkOption {
@ -86,24 +85,24 @@ in
};
banaction = mkOption {
default = "iptables-multiport";
default = if config.networking.nftables.enable then "nftables-multiport" else "iptables-multiport";
defaultText = literalExpression '' if config.networking.nftables.enable then "nftables-multiport" else "iptables-multiport" '';
type = types.str;
example = "nftables-multiport";
description = lib.mdDoc ''
Default banning action (e.g. iptables, iptables-new, iptables-multiport,
iptables-ipset-proto6-allports, shorewall, etc) It is used to
iptables-ipset-proto6-allports, shorewall, etc). It is used to
define action_* variables. Can be overridden globally or per
section within jail.local file
'';
};
banaction-allports = mkOption {
default = "iptables-allport";
default = if config.networking.nftables.enable then "nftables-allport" else "iptables-allport";
defaultText = literalExpression '' if config.networking.nftables.enable then "nftables-allport" else "iptables-allport" '';
type = types.str;
example = "nftables-allport";
description = lib.mdDoc ''
Default banning action (e.g. iptables, iptables-new, iptables-multiport,
shorewall, etc) It is used to define action_* variables. Can be overridden
shorewall, etc) for "allports" jails. It is used to define action_* variables. Can be overridden
globally or per section within jail.local file
'';
};