nixos-firehol

services.firehol.enable

Whether to enable Firehol firewall for humans!.

type

boolean

example

{
  services.firehol.enable = true;
}

default

{
  services.firehol.enable = false;
}

services.firehol.interfaces

List of interfaces to use

type

(attribute set of (submodule)) or (list of (attribute set)) convertible to it

example

{
  services.firehol.interfaces = {
    eth1 = {
      myname = "lan";
    };
  };
}

default

{
  services.firehol.interfaces = {};
}

services.firehol.interfaces.<name>.dst

type

submodule

default

{
  services.firehol.interfaces.<name>.dst = {};
}

services.firehol.interfaces.<name>.dst.deny

type

boolean

default

{
  services.firehol.interfaces.<name>.dst.deny = false;
}

services.firehol.interfaces.<name>.dst.ip

type

string

default

{
  services.firehol.interfaces.<name>.dst.ip = "";
}

services.firehol.interfaces.<name>.myname

Interface custom name for readability

type

string

default

{
  services.firehol.interfaces.<name>.myname = "lan";
}

services.firehol.interfaces.<name>.name

Interface name

type

string

default

{
  services.firehol.interfaces.<name>.name = "‹name›";
}

services.firehol.interfaces.<name>.policy

Default policy on this interface

type

one of “accept”, “reject”, “drop”

default

{
  services.firehol.interfaces.<name>.policy = "drop";
}

services.firehol.interfaces.<name>.rules

type

list of string

default

{
  services.firehol.interfaces.<name>.rules = [
    "client all accept"
  ];
}

services.firehol.interfaces.<name>.src

type

submodule

default

{
  services.firehol.interfaces.<name>.src = {};
}

services.firehol.interfaces.<name>.src.deny

type

boolean

default

{
  services.firehol.interfaces.<name>.src.deny = false;
}

services.firehol.interfaces.<name>.src.ip

type

string

default

{
  services.firehol.interfaces.<name>.src.ip = "";
}

services.firehol.routers

List of Routers to create

type

(attribute set of (submodule)) or (list of (attribute set)) convertible to it

example

{
  services.firehol.routers = {
    lan2wan = {};
  };
}

default

{
  services.firehol.routers = {};
}

services.firehol.routers.<name>.dst

type

submodule

default

{
  services.firehol.routers.<name>.dst = {};
}

services.firehol.routers.<name>.dst.deny

type

boolean

default

{
  services.firehol.routers.<name>.dst.deny = false;
}

services.firehol.routers.<name>.dst.ip

type

string

default

{
  services.firehol.routers.<name>.dst.ip = "";
}

services.firehol.routers.<name>.inface

Input interface

type

string

default

{
  services.firehol.routers.<name>.inface = "lan";
}

services.firehol.routers.<name>.name

Router name

type

string

default

{
  services.firehol.routers.<name>.name = "‹name›";
}

services.firehol.routers.<name>.outface

Output interface

type

string

default

{
  services.firehol.routers.<name>.outface = "";
}

services.firehol.routers.<name>.rules

type

list of string

default

{
  services.firehol.routers.<name>.rules = [
    "client all accept"
  ];
}

services.firehol.routers.<name>.src

type

submodule

default

{
  services.firehol.routers.<name>.src = {};
}

services.firehol.routers.<name>.src.deny

type

boolean

default

{
  services.firehol.routers.<name>.src.deny = false;
}

services.firehol.routers.<name>.src.ip

type

string

default

{
  services.firehol.routers.<name>.src.ip = "";
}

This site is open source. Improve this page.