delete unused function

- zones are an attrset of name -> [interface-service]

- the firewall will create empty "ifname" sets for each zone name
 in each address family (ip, ip6)

- then watch the interface services, and add the "ifname" outputs
to the corresponding sets when they appear

This commit only adds the empty sets

THOUGHTS.txt

@@ -7010,13 +7010,5 @@ which interface services are in which zones
 we'd have to ensure that the interface services did not end up as
 dependencies of the firewall
 
-then the firewall could
-
-- create the sets
-- watch each interface service for the ifname output and add it to the right zone
-
-Sun Feb  9 21:33:57 GMT 2025
-
-nft update set @lan
-
-echo 'flush set table-ip lan;  add element table-ip lan { eth0,lo }' | nft -f -
+then the firewall could watch each interface service for the ifname
+output and add it to the right zone

examples/rotuer.nix

@@ -69,6 +69,10 @@ in rec {
     firewall = {
       enable = true;
       rules = secrets.firewallRules;
+      zones = {
+        lan = [ config.services.int ];
+        wan = [ config.services.wan  ] ;
+      };
     };
     wireless.networks = {
       # EDIT: if you have more or fewer wireless radios, here is where

modules/firewall/ifwatch.fnl

@@ -48,7 +48,8 @@
       (..
        "flush set ip table-ip " zone "; \n"
        "flush set ip6 table-ip6 " zone "; \n"
-       )))
+       )
+
 
 (fn run []
   (while true

modules/profiles/gateway.nix

@@ -50,10 +50,6 @@ in {
       rules = mkOption { type = types.attrsOf types.attrs; };
       zones = mkOption {
         type = types.attrsOf (types.listOf  liminix.lib.types.service);
-        default = {
-          lan = [ config.services.int ];
-          wan = [ config.services.wan ];
-        };
       };
     };