author | Atemu <atemu.main@gmail.com> | 2023-11-07 11:53:37 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-11-07 11:53:37 +0100 |
commit | ac05199efbec20248cf4d24d335d2a6326e34bf3 (patch) | |
tree | bea19a96add8775bf2ef18644355722ae9f9f21b /pkgs | |
parent | e6a024b572fb705f6dc1817a5ec276eecca7be69 (diff) | |
parent | 466e5b6f306951375d85e0b3a9abcb2b51b2826f (diff) |
Merge pull request #265685 from clerie/clerie/nixos-firewall-tool-0.0.1
nixos-firewall-tool: init at 0.0.1
Diffstat (limited to 'pkgs')
-rwxr-xr-x | pkgs/by-name/ni/nixos-firewall-tool/nixos-firewall-tool.sh | 55 | ||||
-rw-r--r-- | pkgs/by-name/ni/nixos-firewall-tool/package.nix | 15 |
2 files changed, 70 insertions, 0 deletions
diff --git a/pkgs/by-name/ni/nixos-firewall-tool/nixos-firewall-tool.sh b/pkgs/by-name/ni/nixos-firewall-tool/nixos-firewall-tool.sh
new file mode 100755
index 0000000000000..17e7ce8a724c9
--- /dev/null
+++ b/pkgs/by-name/ni/nixos-firewall-tool/nixos-firewall-tool.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ip46tables() {
+ iptables -w "$@"
+ ip6tables -w "$@"
+
+}
+
+show_help() {
+ echo "nixos-firewall-tool"
+ echo ""
+ echo "Can temporarily manipulate the NixOS firewall"
+ echo ""
+ echo "Open TCP port:"
+ echo " nixos-firewall-tool open tcp 8888"
+ echo ""
+ echo "Show all firewall rules:"
+ echo " nixos-firewall-tool show"
+ echo ""
+ echo "Open UDP port:"
+ echo " nixos-firewall-tool open udp 51820"
+ echo ""
+ echo "Reset firewall configuration to system settings:"
+ echo " nixos-firewall-tool reset"
+}
+
+if [[ -z ${1+x} ]]; then
+ show_help
+ exit 1
+fi
+
+case $1 in
+ "open")
+ protocol="$2"
+ port="$3"
+
+ ip46tables -I nixos-fw -p "$protocol" --dport "$port" -j nixos-fw-accept
+ ;;
+ "show")
+ ip46tables --numeric --list nixos-fw
+ ;;
+ "reset")
+ systemctl restart firewall.service
+ ;;
+ -h|--help|help)
+ show_help
+ exit 0
+ ;;
+ *)
+ show_help
+ exit 1
+ ;;
+esac
diff --git a/pkgs/by-name/ni/nixos-firewall-tool/package.nix b/pkgs/by-name/ni/nixos-firewall-tool/package.nix
new file mode 100644
index 0000000000000..78af5cb8d5715
--- /dev/null
+++ b/pkgs/by-name/ni/nixos-firewall-tool/package.nix
@@ -0,0 +1,15 @@
+{ writeShellApplication, iptables, lib }:
+
+writeShellApplication {
+ name = "nixos-firewall-tool";
+ text = builtins.readFile ./nixos-firewall-tool.sh;
+ runtimeInputs = [
+ iptables
+ ];
+
+ meta = with lib; {
+ description = "Temporarily manipulate the NixOS firewall";
+ license = licenses.mit;
+ maintainers = with maintainers; [ clerie ];
+ };
+} |
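Review bot: In nixos-firewall-tool.sh the `open` branch reads `$2` and `$3` without checking that they were supplied, so under `set -u` a bare `nixos-firewall-tool open` aborts with an unbound-variable error instead of printing the help text. A guard before `protocol="$2"`, such as `if [[ -z ${2+x} || -z ${3+x} ]]; then show_help; exit 1; fi`, would match the check already used for `$1`. Both values are quoted when handed to iptables, so their validation is left to iptables; restricting the protocol to `tcp` and `udp` would keep the tool to what `show_help` documents. The inserted rule carries no interface or source match, so it accepts the port from anywhere until `reset` or the next firewall restart, which deserves a line in the help output.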
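Review bot: In package.nix `runtimeInputs` lists only `iptables`, while the script's `reset` branch calls `systemctl`, so that command is looked up on whatever PATH the caller (normally root) has inherited. If using the running system's systemd is intentional, a comment above `runtimeInputs` saying so would help, for example `# systemctl is deliberately taken from the system PATH`; otherwise `systemd` would need to be added to the function arguments and to `runtimeInputs`. The script presumably only works on hosts that have the `nixos-fw` iptables chain, so `platforms = platforms.linux;` in `meta` looks appropriate as well.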