added stuff

2024-04-09 23:11:33 +02:00 · 2024-04-09 23:11:33 +02:00 · 9d0ebdfbd0
commit 9d0ebdfbd0
parent e8d9044d2b
907 changed files with 70990 additions and 0 deletions
--- a/nyx/modules/options/system/networking/nftables.nix
+++ b/nyx/modules/options/system/networking/nftables.nix
@ -0,0 +1,82 @@
+{lib, ...}: let
+  inherit (lib) mkTable mkPrerouteChain mkForwardChain mkOutputChain mkInputChain mkPostrouteChain mkIngressChain;
+in {
+  options.networking.nftables.rules = {
+    # man nft(8)
+    netdev = mkTable "netdev address family netfilter table" {
+      filter.ingress = mkIngressChain "netdev";
+    };
+
+    bridge = mkTable "bridge address family netfilter table" {
+      filter = {
+        prerouting = mkPrerouteChain "bridge";
+        input = mkInputChain "bridge";
+        forward = mkForwardChain "bridge";
+        output = mkOutputChain "bridge";
+        postrouting = mkPostrouteChain "bridge";
+      };
+    };
+
+    inet = mkTable "internet (IPv4/IPv6) address family netfilter table" {
+      filter = {
+        prerouting = mkPrerouteChain "inet";
+        input = mkInputChain "inet";
+        forward = mkForwardChain "inet";
+        output = mkOutputChain "inet";
+        postrouting = mkPostrouteChain "inet";
+      };
+
+      nat = {
+        prerouting = mkPrerouteChain "inet";
+        input = mkInputChain "inet";
+        output = mkOutputChain "inet";
+        postrouting = mkPostrouteChain "inet";
+      };
+    };
+
+    arp = mkTable "ARP (IPv4) address family netfilter table" {
+      filter = {
+        input = mkInputChain "arp";
+        output = mkOutputChain "arp";
+      };
+    };
+
+    ip = mkTable "internet (IPv4) address family netfilter table" {
+      filter = {
+        prerouting = mkPrerouteChain "ip";
+        input = mkInputChain "ip";
+        forward = mkForwardChain "ip";
+        output = mkOutputChain "ip";
+        postrouting = mkPostrouteChain "ip";
+      };
+
+      nat = {
+        prerouting = mkPrerouteChain "ip";
+        input = mkInputChain "ip";
+        output = mkOutputChain "ip";
+        postrouting = mkPostrouteChain "ip";
+      };
+
+      route.output = mkForwardChain "ip";
+    };
+
+    ip6 = mkTable "internet (IPv6) address family netfilter table" {
+      filter = {
+        prerouting = mkPrerouteChain "ip6";
+        input = mkInputChain "ip6";
+        forward = mkForwardChain "ip6";
+        output = mkOutputChain "ip6";
+        postrouting = mkPostrouteChain "ip6";
+      };
+
+      nat = {
+        prerouting = mkPrerouteChain "ip6";
+        input = mkInputChain "ip6";
+        output = mkOutputChain "ip6";
+        postrouting = mkPostrouteChain "ip6";
+      };
+
+      route.output = mkForwardChain "ip6";
+    };
+  };
+}