dan/liminix
1
0
Fork 5
Code
1,460 Commits 15 Branches 0 Tags 7.1 MiB
6587813577
Commit Graph

6 Commits

Author SHA1 Message Date
Daniel Barlow
6587813577 WIP add zones to firewall module 
- zones are an attrset of name -> [interface-service]

- the firewall will create empty "ifname" sets for each zone name
 in each address family (ip, ip6)

- then watch the interface services, and add the "ifname" outputs
to the corresponding sets when they appear

This commit only adds the empty sets
 2025-02-10 21:21:08 +00:00
Daniel Barlow
1d780de0f1 add (very basic) set support in firewallgen 
and add sets for lan/wan/dmz/guest interface names to default
firewall rules
 2025-02-10 21:17:43 +00:00
Daniel Barlow
c92aacc6fd firewall rules: use @lan and @wan sets instead of ifnames 
we don't have anything yet to create or populate the sets
 2025-02-06 09:22:41 +00:00
Daniel Barlow
f2e4e77d73 firewall: don't use oifname in input rules 
because it's empty, these are input rules for the local machine
 2024-12-29 23:17:31 +00:00
Daniel Barlow
5112eab4da apply incoming-allowed-ip[46] rules to input as well as forward pkts 
this makes it possible to open ports on the router itself
 2024-10-10 18:18:23 +01:00
Daniel Barlow
1a314e55b7 firewall module: provide default rules and merge extraRules 
a firewall with no configuration will get a relatively sane ruleset. a
firewall with `extraRules` will get them deep merged into the default
rules.  Specifying `rules` will override the defaults
 2024-03-21 12:00:34 +00:00