Merge pull request #209031 from ncfavier/fail2ban-nftables

Naïm Favier 2023-01-09 11:54:03 +01:00 committed by GitHub
commit 8cd3fc50f9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -62,11 +62,10 @@ in
}; };
packageFirewall = mkOption { packageFirewall = mkOption {
default = pkgs.iptables; default = config.networking.firewall.package;
defaultText = literalExpression "pkgs.iptables"; defaultText = literalExpression "config.networking.firewall.package";
type = types.package; type = types.package;
example = literalExpression "pkgs.nftables"; description = lib.mdDoc "The firewall package used by fail2ban service. Defaults to the package for your firewall (iptables or nftables).";
description = lib.mdDoc "The firewall package used by fail2ban service.";
}; };
extraPackages = mkOption { extraPackages = mkOption {
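Review bot: the new `packageFirewall` default is taken from `config.networking.firewall.package`, while the `banaction` defaults in the following hunk are chosen by `config.networking.nftables.enable`, so the package and the action name come from two different options and can disagree if a user overrides only one of them. The description should say that overriding `packageFirewall` also requires a matching `banaction` and `banaction-allports`, or both defaults should be derived from the same condition. Two smaller points on the same option: the removed `example = literalExpression "pkgs.nftables";` was still useful for users who set the option explicitly, and the description reads better as "used by the fail2ban service".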
@ -86,24 +85,24 @@ in
}; };
banaction = mkOption { banaction = mkOption {
default = "iptables-multiport"; default = if config.networking.nftables.enable then "nftables-multiport" else "iptables-multiport";
defaultText = literalExpression '' if config.networking.nftables.enable then "nftables-multiport" else "iptables-multiport" '';
type = types.str; type = types.str;
example = "nftables-multiport";
description = lib.mdDoc '' description = lib.mdDoc ''
Default banning action (e.g. iptables, iptables-new, iptables-multiport, Default banning action (e.g. iptables, iptables-new, iptables-multiport,
iptables-ipset-proto6-allports, shorewall, etc) It is used to iptables-ipset-proto6-allports, shorewall, etc). It is used to
define action_* variables. Can be overridden globally or per define action_* variables. Can be overridden globally or per
section within jail.local file section within jail.local file
''; '';
}; };
banaction-allports = mkOption { banaction-allports = mkOption {
default = "iptables-allport"; default = if config.networking.nftables.enable then "nftables-allport" else "iptables-allport";
defaultText = literalExpression '' if config.networking.nftables.enable then "nftables-allport" else "iptables-allport" '';
type = types.str; type = types.str;
example = "nftables-allport";
description = lib.mdDoc '' description = lib.mdDoc ''
Default banning action (e.g. iptables, iptables-new, iptables-multiport, Default banning action (e.g. iptables, iptables-new, iptables-multiport,
shorewall, etc) It is used to define action_* variables. Can be overridden shorewall, etc) for "allports" jails. It is used to define action_* variables. Can be overridden
globally or per section within jail.local file globally or per section within jail.local file
''; '';
}; };
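Review bot: in `banaction-allports` the new default `if config.networking.nftables.enable then "nftables-allport" else "iptables-allport"` spells both action names without the trailing "s", while the option name and its own description say "allports". fail2ban ships these actions as `iptables-allports` and `nftables-allports`, so a jail that uses this default would reference an action that does not exist and the ban would not be applied. Please use "nftables-allports" and "iptables-allports" in both `default` and `defaultText`. Separately, the `e.g.` lists in both descriptions still name only iptables variants and shorewall; now that the default can be an nftables action, mention `nftables-multiport` and the allports equivalent there, since the `example` lines that used to show them are removed by this change.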