path: root/nixos/modules/services/networking/nat.nix
Commit message [Author, Age]
* nixos: fix backticks in Markdown descriptions [Naïm Favier, 2023-01-21]
|
* nixos/{firewall, nat}: add a nftables based implementation [Rvfg, 2022-12-23]
|
* Merge pull request #181334 from zhaofengli/nat-iptables-pkg [Bernardo Meurer, 2022-09-06]
|\
| |   nixos/nat: Use the package specified in networking.firewall.package
| * nixos/nat: Use the package specified in networking.firewall.package [Zhaofeng Li, 2022-08-31]
| |
| |   Otherwise the system path is inconsistent if you do something like
| |   networking.firewall.package = pkgs.iptables-legacy;
* | treewide: automatically md-convert option descriptions [pennae, 2022-07-30]
|/
|   the conversion procedure is simple:
|
|    - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option
|    - for all options, find a `description` attribute whose value is not a call to `mdDoc` or `lib.mdDoc`
|    - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh)
|    - if the change produced a change in the manual output, discard
|    - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description
|
|   this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
* nixos/doc: clean up defaults and examples [Naïm Favier, 2021-10-04]
|
* nixos/nat: support IPv6 NAT [Valérian Galliat, 2020-12-01]
|
* nixos/nat: fix multiple destination ports with loopback [Thomas Dy, 2020-03-04]
|
* nixos/nat: use nixos-nat-out instead of OUTPUT [volth, 2020-01-12]
|
* nixos: fix ip46tables invocation in nat [Bernardo Meurer, 2019-12-14]
|
* Merge pull request #68459 from volth/patch-364 [Andreas Rammhold, 2019-12-12]
|\
| |   nixos/nat: create nixos-nat-{pre,post,out} in ip6tables too
| * nixos/nat: create nixos-nat-{pre,post,out} in ip6tables too [volth, 2019-09-10]
| |
* | nixos/nat: fix typo in comment [Max Veytsman, 2019-11-04]
|/
|   This iptables directive is marking packets coming from the internal interfaces so they can later be NATed by the rule in https://github.com/NixOS/nixpkgs/blob/22378e699682778075bcfb12cb6bf710261586f5/nixos/modules/services/networking/nat.nix#L38-L42 . Fix the comment accordingly.
* nixos/nat: optional networking.nat.externalInterface (#41864) [volth, 2018-06-12]
|
|   to prevent "cannot coerce null to string" raise before the assertions are checked
* nixos/nat: optional networking.nat.externalInterface (#41758) [volth, 2018-06-10]
|
* nixos/nat: support nat reflection [volth, 2018-02-19]
|
* nat: add extraCommands and extraStopCommands options [Ryan Trinkle, 2017-12-06]
|
* Merge pull request #32212 from ryantrinkle/nat-port-forwarding-ranges [zimbatm, 2017-12-04]
|\
| |   Nat port forwarding ranges
| * nat: support port ranges in networking.nat.forwardPorts [Ryan Trinkle, 2017-12-02]
| |
* | nixos/nat: add dmzHost option (#32257) [Ryan Trinkle, 2017-12-04]
|/
* nixos/networking/nat: add option for protocol [Phil, 2017-08-04]
|
|   This commit adds an option to allow udp port forwarding (see #24894).
* nat: always flush nixos nat rules on firewall start/reload [Markus Mueller, 2017-08-03]
|
|   Fixes #27510
* Merge pull request #18491 from groxxda/network-interfaces [Joachim F, 2016-10-02]
|\
| |   Replace Network-interfaces.target
| * networking.nat: replace network-interfaces.target [Alexander Ried, 2016-09-13]
| |
| |   We can replace this safely with network-pre because iptables does not care whether the interfaces exist or not.
* | nat module: optionSet -> submodule [Eric Sagnes, 2016-09-13]
|/
* Revert "nixos/nat: Allow nat without an externalInterface" [Domen Kožar, 2016-05-12]
|
|   This reverts commit 431a98b12b5e1cc51181da815870dda5e23709f8.
|
|   Breaks nixos tests: http://hydra.nixos.org/build/35538207
* nixos/nat: Allow nat without an externalInterface [Franz Pletz, 2016-05-12]
|
* nixos/nat: Fix override so that sysctls are properly preserved [William A. Kennington III, 2014-10-31]
|
* nixos/nat: Don't flush tables, create subchains for autogenerated rules [William A. Kennington III, 2014-09-18]
|
* nixos/nat: Leverage firewall module [William A. Kennington III, 2014-09-15]
|
* nixos nat: add description to forwardPorts [Luca Bruno, 2014-09-04]
|
* nixos nat: add type for sourcePort and destination of forwardPorts [Luca Bruno, 2014-09-04]
|
* nixos/nat: add forwardPorts for external->internal DNAT [Luca Bruno, 2014-09-01]
|
* Rewrite ‘with pkgs.lib’ -> ‘with lib’ [Eelco Dolstra, 2014-04-14]
|
|   Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem.
* Use iptables' ‘-w’ flag [Eelco Dolstra, 2014-04-11]
|
|   This prevents errors like "Another app is currently holding the xtables lock" if the firewall and NAT services are starting in parallel. (Longer term, we should probably move to a single service for managing the iptables rules.)
* Fix NAT module [Eelco Dolstra, 2014-04-11]
|
* Add option networking.nat.internalInterfaces [Eelco Dolstra, 2014-04-10]
|
|   This allows applying NAT to an interface, rather than an IP range.
* Add lots of missing option types [Eelco Dolstra, 2013-10-30]
|
* Move all of NixOS to nixos/ in preparation of the repository merge [Eelco Dolstra, 2013-10-10]