services.firehol.enable
Whether to enable FireHOL, the "firewall for humans".
type
boolean
example
{
services.firehol.enable = true;
}
default
{
services.firehol.enable = false;
}
services.firehol.interfaces
Interfaces to configure in FireHOL, keyed by interface name (for example eth1).
type
attribute set of submodule or list of attribute set convertible to it
example
{
services.firehol.interfaces = {
eth1 = {
myname = "lan";
};
};
}
default
{
services.firehol.interfaces = {};
}
services.firehol.interfaces.<name>.dst
type
submodule
default
{
services.firehol.interfaces.<name>.dst = {};
}
services.firehol.interfaces.<name>.dst.deny
type
boolean
default
{
services.firehol.interfaces.<name>.dst.deny = false;
}
services.firehol.interfaces.<name>.dst.ip
type
string
default
{
services.firehol.interfaces.<name>.dst.ip = "";
}
services.firehol.interfaces.<name>.myname
Custom, human-readable name for the interface.
type
string
default
{
services.firehol.interfaces.<name>.myname = "lan";
}
services.firehol.interfaces.<name>.name
Interface name
type
string
default
{
services.firehol.interfaces.<name>.name = "‹name›";
}
services.firehol.interfaces.<name>.policy
Default policy for this interface, applied to traffic that none of the interface's rules match.
type
one of "accept", "reject", "drop"
default
{
services.firehol.interfaces.<name>.policy = "drop";
}
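services.firehol.interfaces.<name>.rules
FireHOL rule statements for this interface. The default, "client all accept", is the FireHOL rule that lets this host act as a client of every service, i.e. it permits connections the host itself initiates.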
type
list of string
default
{
services.firehol.interfaces.<name>.rules = [
"client all accept"
];
}
services.firehol.interfaces.<name>.src
type
submodule
default
{
services.firehol.interfaces.<name>.src = {};
}
services.firehol.interfaces.<name>.src.deny
type
boolean
default
{
services.firehol.interfaces.<name>.src.deny = false;
}
services.firehol.interfaces.<name>.src.ip
type
string
default
{
services.firehol.interfaces.<name>.src.ip = "";
}
services.firehol.routers
FireHOL routers to create, keyed by router name (for example lan2wan).
type
attribute set of submodule or list of attribute set convertible to it
example
{
services.firehol.routers = {
lan2wan = {};
};
}
default
{
services.firehol.routers = {};
}
services.firehol.routers.<name>.dst
type
submodule
default
{
services.firehol.routers.<name>.dst = {};
}
services.firehol.routers.<name>.dst.deny
type
boolean
default
{
services.firehol.routers.<name>.dst.deny = false;
}
services.firehol.routers.<name>.dst.ip
type
string
default
{
services.firehol.routers.<name>.dst.ip = "";
}
services.firehol.routers.<name>.inface
Input interface
type
string
default
{
services.firehol.routers.<name>.inface = "lan";
}
services.firehol.routers.<name>.name
Router name
type
string
default
{
services.firehol.routers.<name>.name = "‹name›";
}
services.firehol.routers.<name>.outface
Output interface
type
string
default
{
services.firehol.routers.<name>.outface = "";
}
services.firehol.routers.<name>.rules
type
list of string
default
{
services.firehol.routers.<name>.rules = [
"client all accept"
];
}
services.firehol.routers.<name>.src
type
submodule
default
{
services.firehol.routers.<name>.src = {};
}
services.firehol.routers.<name>.src.deny
type
boolean
default
{
services.firehol.routers.<name>.src.deny = false;
}
services.firehol.routers.<name>.src.ip
type
string
default
{
services.firehol.routers.<name>.src.ip = "";
}