authorgithub-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>2023-11-07 12:00:57 +0000
committerGitHub <noreply@github.com>2023-11-07 12:00:57 +0000
commitbed56440cbc230c9858b0aee045ac5ae9a8ff2c7 (patch)
tree8249a7e712815f4dc707c05a56daa472e181e722 /pkgs/by-name
parent7eb07191a5fa3207605d78777b95dd70f237fa71 (diff)
parent11e04c904399271e608ecc68c0405ad70ce622a7 (diff)
Merge master into staging-next
Diffstat (limited to 'pkgs/by-name')
-rwxr-xr-xpkgs/by-name/ni/nixos-firewall-tool/nixos-firewall-tool.sh55
-rw-r--r--pkgs/by-name/ni/nixos-firewall-tool/package.nix15
2 files changed, 70 insertions, 0 deletions
diff --git a/pkgs/by-name/ni/nixos-firewall-tool/nixos-firewall-tool.sh b/pkgs/by-name/ni/nixos-firewall-tool/nixos-firewall-tool.sh
new file mode 100755
index 00000000000..17e7ce8a724
--- /dev/null
+++ b/pkgs/by-name/ni/nixos-firewall-tool/nixos-firewall-tool.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ip46tables() {
+  iptables -w "$@"
+  ip6tables -w "$@"
+
+}
+
+show_help() {
+    echo "nixos-firewall-tool"
+    echo ""
+    echo "Can temporarily manipulate the NixOS firewall"
+    echo ""
+    echo "Open TCP port:"
+    echo " nixos-firewall-tool open tcp 8888"
+    echo ""
+    echo "Show all firewall rules:"
+    echo " nixos-firewall-tool show"
+    echo ""
+    echo "Open UDP port:"
+    echo " nixos-firewall-tool open udp 51820"
+    echo ""
+    echo "Reset firewall configuration to system settings:"
+    echo " nixos-firewall-tool reset"
+}
+
+if [[ -z ${1+x} ]]; then
+  show_help
+  exit 1
+fi
+
+case $1 in
+  "open")
+    protocol="$2"
+    port="$3"
+
+    ip46tables -I nixos-fw -p "$protocol" --dport "$port" -j nixos-fw-accept
+  ;;
+  "show")
+    ip46tables --numeric --list nixos-fw
+  ;;
+  "reset")
+    systemctl restart firewall.service
+  ;;
+  -h|--help|help)
+    show_help
+    exit 0
+  ;;
+  *)
+    show_help
+    exit 1
+  ;;
+esac
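Review bot: The `open` branch copies `$2` and `$3` straight into the iptables call without checking that they are present or well-formed. Under `set -u` a missing argument aborts with bash's unbound-variable message instead of the usage text, and any string is accepted as protocol or port for a rule that is inserted at the head of `nixos-fw`. I would check the argument count and restrict the protocol to tcp/udp and the port to 1–65535 before calling `ip46tables`; if port ranges or service names are meant to be accepted, the port check needs widening. Separately, `ip46tables` exits after the IPv4 insert if `ip6tables` fails, so the port can end up open on IPv4 only without the script reporting the half-applied state.

```shell
  "open")
    if [[ $# -ne 3 ]]; then
      show_help
      exit 1
    fi
    protocol="$2"
    port="$3"

    case $protocol in
      tcp|udp) ;;
      *) echo "nixos-firewall-tool: protocol must be tcp or udp" >&2; exit 1 ;;
    esac
    if ! [[ $port =~ ^[0-9]+$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
      echo "nixos-firewall-tool: port must be a number between 1 and 65535" >&2
      exit 1
    fi

    # … unchanged: ip46tables -I nixos-fw … -j nixos-fw-accept …
  ;;
```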
diff --git a/pkgs/by-name/ni/nixos-firewall-tool/package.nix b/pkgs/by-name/ni/nixos-firewall-tool/package.nix
new file mode 100644
index 00000000000..78af5cb8d57
--- /dev/null
+++ b/pkgs/by-name/ni/nixos-firewall-tool/package.nix
@@ -0,0 +1,15 @@
+{ writeShellApplication, iptables, lib }:
+
+writeShellApplication {
+  name = "nixos-firewall-tool";
+  text = builtins.readFile ./nixos-firewall-tool.sh;
+  runtimeInputs = [
+    iptables
+  ];
+
+  meta = with lib; {
+    description = "Temporarily manipulate the NixOS firewall";
+    license = licenses.mit;
+    maintainers = with maintainers; [ clerie ];
+  };
+}
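Review bot: `runtimeInputs` pins only `iptables`, but the script's `reset` command runs `systemctl restart firewall.service`, so `systemctl` is looked up on whatever PATH the caller has. Since the tool is presumably run as root, I would either make that dependency explicit or record the intent next to the list, e.g. `# systemctl is deliberately resolved from the running system's PATH`. The iptables userland selected here also has to match the backend the running firewall uses, which cannot be checked from this diff. `meta` could additionally declare `platforms = platforms.linux;`, as the tool only makes sense where iptables exists.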