firewall improved to use module tables feature

2025-07-01 17:32:55 -04:00 · 2025-07-01 17:32:55 -04:00 · 9fc3927c86
commit 9fc3927c86
parent 69e69c2b7f
1 changed files with 26 additions and 22 deletions
--- a/modules/nixos/common/firewall.nix
+++ b/modules/nixos/common/firewall.nix
@ -1,33 +1,37 @@
 {
-  lib,
-  pkgs,
-  config,
+  # lib,
+  # pkgs,
+  # config,
  ...
 }:
 {
  networking.nftables = {
    enable = true;
-    ruleset = ''
-      table inet filter {
-        chain input {
-          type filter hook input priority filter; policy accept;
-          ct state related,established accept
+    tables = {
+      yggSsh = {
+        name = "yggSsh";
+        family = "inet";
+        content = ''
+          chain input {
+            type filter hook input priority filter; policy accept;
+            ct state related,established accept

-          # Restrict ygg0: only allow SSH in
-          iifname "ygg0" tcp dport 22 accept
-          iifname "ygg0" drop
-        }
+            # Restrict ygg0: only allow SSH in
+            iifname "ygg0" tcp dport 22 accept
+            iifname "ygg0" drop
+          }

-        chain forward {
-          type filter hook forward priority filter; policy accept;
-          # Optional: drop forwarding via ygg0
-          iifname "ygg0" drop
-        }
+          chain forward {
+            type filter hook forward priority filter; policy accept;
+            # Optional: drop forwarding via ygg0
+            iifname "ygg0" drop
+          }

-        chain output {
-          type filter hook output priority filter; policy accept;
-        }
-      }
-    '';
+          chain output {
+            type filter hook output priority filter; policy accept;
+          }
+        '';
+      };
+    };
  };
 }