firewall improved to use module tables feature

2025-07-01 17:32:55 -04:00 · 2025-07-01 17:32:55 -04:00 · 9fc3927c86
commit 9fc3927c86
parent 69e69c2b7f
1 changed files with 26 additions and 22 deletions
--- a/modules/nixos/common/firewall.nix
+++ b/modules/nixos/common/firewall.nix
@ -1,33 +1,37 @@
 {
-  lib,
+  # lib,
-  pkgs,
+  # pkgs,
-  config,
+  # config,
  ...
 }:
 {
  networking.nftables = {
    enable = true;
-    ruleset = ''
+    tables = {
-      table inet filter {
+      yggSsh = {
-        chain input {
+        name = "yggSsh";
-          type filter hook input priority filter; policy accept;
+        family = "inet";
-          ct state related,established accept
+        content = ''
          chain input {
            type filter hook input priority filter; policy accept;
            ct state related,established accept
-          # Restrict ygg0: only allow SSH in
+            # Restrict ygg0: only allow SSH in
-          iifname "ygg0" tcp dport 22 accept
+            iifname "ygg0" tcp dport 22 accept
-          iifname "ygg0" drop
+            iifname "ygg0" drop
-        }
+          }
-        chain forward {
+          chain forward {
-          type filter hook forward priority filter; policy accept;
+            type filter hook forward priority filter; policy accept;
-          # Optional: drop forwarding via ygg0
+            # Optional: drop forwarding via ygg0
-          iifname "ygg0" drop
+            iifname "ygg0" drop
-        }
+          }
-        chain output {
+          chain output {
-          type filter hook output priority filter; policy accept;
+            type filter hook output priority filter; policy accept;
-        }
+          }
-      }
+        '';
-    '';
+      };
    };
  };
 }