summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@shackspace.de>2015-07-18 12:34:18 +0200
committertv <tv@shackspace.de>2015-07-18 12:48:57 +0200
commit9f3c4a2381d49da736cab45435777525d96f22a8 (patch)
treef837434d0d1c8e519385ab47649f24b5ffdaaf48
parent62885ad0ddd74c92437c6074b8a8167a60095437 (diff)
3 tv.iptables: unique ports
-rw-r--r--3modules/tv/iptables.nix4
1 files changed, 2 insertions, 2 deletions
diff --git a/3modules/tv/iptables.nix b/3modules/tv/iptables.nix
index 7b9edd38b..21cf77320 100644
--- a/3modules/tv/iptables.nix
+++ b/3modules/tv/iptables.nix
@@ -76,7 +76,7 @@ let
"-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
"-i lo -j ACCEPT"
]
- ++ map accept-new-tcp cfg.input-internet-accept-new-tcp
+ ++ map accept-new-tcp (unique cfg.input-internet-accept-new-tcp)
++ ["-i retiolum -j Retiolum"]
)}
${concatMapStringsSep "\n" (rule: "-A Retiolum ${rule}") ([]
@@ -88,7 +88,7 @@ let
"-p ipv6-icmp -m icmp6 --icmpv6-type echo-request -j ACCEPT"
];
}."ip${toString iptables-version}tables"
- ++ map accept-new-tcp cfg.input-retiolum-accept-new-tcp
+ ++ map accept-new-tcp (unique cfg.input-retiolum-accept-new-tcp)
++ {
ip4tables = [
"-p tcp -j REJECT --reject-with tcp-reset"