author | volth <volth@volth.com> | 2019-09-10 21:58:19 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-09-10 21:58:19 +0000 |
commit | 3e792fb6df811878ca6a36f9e450de52265143e5 (patch) | |
tree | 1713fe981c4e4273cb43c8358f83f84cf51ae71f /nixos/modules/services/networking/nat.nix | |
parent | 70a0add412e920e13ca7994938a00906def0ebbd (diff) | |
nixos/nat: create nixos-nat-{pre,post,out} in ip6tables too
Diffstat (limited to 'nixos/modules/services/networking/nat.nix')
-rw-r--r-- | nixos/modules/services/networking/nat.nix | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix
index 89d8590093d..3c952db319b 100644
--- a/nixos/modules/services/networking/nat.nix
+++ b/nixos/modules/services/networking/nat.nix
@@ -13,20 +13,24 @@ let
 dest = if cfg.externalIP == null then "-j MASQUERADE" else "-j SNAT --to-source ${cfg.externalIP}";
 flushNat = ''
- iptables -w -t nat -D PREROUTING -j nixos-nat-pre 2>/dev/null|| true
- iptables -w -t nat -F nixos-nat-pre 2>/dev/null || true
- iptables -w -t nat -X nixos-nat-pre 2>/dev/null || true
- iptables -w -t nat -D POSTROUTING -j nixos-nat-post 2>/dev/null || true
- iptables -w -t nat -F nixos-nat-post 2>/dev/null || true
- iptables -w -t nat -X nixos-nat-post 2>/dev/null || true
+ ip46tables -w -t nat -D PREROUTING -j nixos-nat-pre 2>/dev/null|| true
+ ip46tables -w -t nat -F nixos-nat-pre 2>/dev/null || true
+ ip46tables -w -t nat -X nixos-nat-pre 2>/dev/null || true
+ ip46tables -w -t nat -D POSTROUTING -j nixos-nat-post 2>/dev/null || true
+ ip46tables -w -t nat -F nixos-nat-post 2>/dev/null || true
+ ip46tables -w -t nat -X nixos-nat-post 2>/dev/null || true
+ ip46tables -w -t nat -D OUTPUT -j nixos-nat-out 2>/dev/null || true
+ ip46tables -w -t nat -F nixos-nat-out 2>/dev/null || true
+ ip46tables -w -t nat -X nixos-nat-out 2>/dev/null || true
 ${cfg.extraStopCommands}
 '';
 setupNat = ''
 # Create subchain where we store rules
- iptables -w -t nat -N nixos-nat-pre
- iptables -w -t nat -N nixos-nat-post
+ ip46tables -w -t nat -N nixos-nat-pre
+ ip46tables -w -t nat -N nixos-nat-post
+ ip46tables -w -t nat -N nixos-nat-out
 # We can't match on incoming interface in POSTROUTING, so
 # mark packets coming from the external interfaces.
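Review bot: `ip46tables` is not defined anywhere in the visible lines of nat.nix, so `flushNat` and `setupNat` now depend on whatever script they are spliced into providing it. If it is a shell function supplied by another module (not shown here), any path that runs these strings outside that script would get "command not found"; in `flushNat` the `2>/dev/null || true` on every line would hide that and leave the old NAT chains and jumps installed after a stop or reload. The `-N` lines here and the `-A` lines in the second hunk carry no such guard, so the same failure, or a kernel without an IPv6 nat table, would abort setup part-way instead. I would state the dependency at the top of both strings, e.g. `# ip46tables: shell helper, must be defined by the script that includes this text`, and confirm that every script embedding them defines it. The `let` block starts and ends outside the hunk.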
@@ -88,8 +92,9 @@ let
 ${cfg.extraCommands}
 # Append our chains to the nat tables
- iptables -w -t nat -A PREROUTING -j nixos-nat-pre
- iptables -w -t nat -A POSTROUTING -j nixos-nat-post
+ ip46tables -w -t nat -A PREROUTING -j nixos-nat-pre
+ ip46tables -w -t nat -A POSTROUTING -j nixos-nat-post
+ ip46tables -w -t nat -A OUTPUT -j nixos-nat-out
 '';
 in |
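Review bot: The `-A OUTPUT -j nixos-nat-out` jump is added without any comment saying what the chain is for, and no rule visible in either hunk populates it. The nat OUTPUT hook rewrites connections originated by the host itself, a different scope from the PREROUTING/POSTROUTING chains that handle forwarded traffic, and through `ip46tables` it presumably now exists for IPv6 as well. I would extend the comment to something like `# Append our chains to the nat tables (IPv4 and IPv6); nixos-nat-out sees locally generated traffic`, so that anyone adding rules via `cfg.extraCommands` knows which traffic and which address families they affect. The `setupNat` string starts outside this hunk.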