Merge pull request #32258 from ryantrinkle/add-nat-extraCommands

nat: add extraCommands option

authored by Ryan Trinkle and committed by GitHub f1a6fa6e 58f9fd64

+26
+26
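--- a/nixos/modules/services/networking/nat.nix
+++ b/nixos/modules/services/networking/nat.nix
@@ -19,6 +19,8 @@
 iptables -w -t nat -D POSTROUTING -j nixos-nat-post 2>/dev/null || true
 iptables -w -t nat -F nixos-nat-post 2>/dev/null || true
 iptables -w -t nat -X nixos-nat-post 2>/dev/null || true
+
+${cfg.extraStopCommands}
 '';
 
 setupNat = ''
@@ -58,6 +60,8 @@
 -i ${cfg.externalInterface} -j DNAT \
 --to-destination ${cfg.dmzHost}
 ''}
+
+${cfg.extraCommands}
 
 # Append our chains to the nat tables
 iptables -w -t nat -A PREROUTING -j nixos-nat-pre
@@ -167,6 +171,28 @@
 ''
 The local IP address to which all traffic that does not match any
 forwarding rule is forwarded.
+'';
+};
+
+networking.nat.extraCommands = mkOption {
+type = types.lines;
+default = "";
+example = "iptables -A INPUT -p icmp -j ACCEPT";
+description =
+''
+Additional shell commands executed as part of the nat
+initialisation script.
+'';
+};
+
+networking.nat.extraStopCommands = mkOption {
+type = types.lines;
+default = "";
+example = "iptables -D INPUT -p icmp -j ACCEPT || true";
+description =
+''
+Additional shell commands executed as part of the nat
+teardown script.
 '';
 };
 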
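Review bot: The descriptions of `networking.nat.extraCommands` and `networking.nat.extraStopCommands` do not say where the text is spliced in or what it has to tolerate, and both examples edit the filter `INPUT` chain, which none of the teardown lines visible here flush. As placed, `${cfg.extraCommands}` runs after the DMZ DNAT rule and before `nixos-nat-pre` is appended to PREROUTING, while `${cfg.extraStopCommands}` runs after `nixos-nat-post` has been deleted. A rule added with `-A` outside the `nixos-nat-*` chains therefore persists across a reload unless the stop option removes it, and can accumulate duplicates. I would extend the description along the lines of `Runs before the nixos-nat chains are attached; rules added outside nixos-nat-pre/nixos-nat-post must be removed in extraStopCommands, and those commands must not fail when the rule is absent.` Both script strings start outside these hunks, so whether they run under errexit is not visible; if they do, a failing user command would abort setup or teardown partway, which is worth stating next to the `|| true` in the stop example.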