API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 12th, 2021
130
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Scheme 2.70 KB | None | 0 0
raw download clone embed print report
  1. ;;;                                                    
  2. ;;; Firewall                                                                                                          
  3. ;;;
  4.                                                            
  5. (define-record-type* <firewall-configuration>
  6.   firewall-configuration make-firewall-configuration
  7.   firewall-configuration?
  8.   (tcp firewall-configuration-tcp                                                                                      
  9.        (default '()))
  10.   (udp firewall-configuration-udp                      
  11.        (default '())))                                                                                                
  12.  
  13. (define (firewall-configuration->file tcp udp)
  14.   "Return the iptables rules from the ports list"
  15.   (computed-file
  16.    "firewall-generated-rules"
  17.    (with-imported-modules '((guix build utils))
  18.      #~(begin
  19.          (use-modules (guix build utils)
  20.                       (ice-9 match))
  21.          (call-with-output-file #$output
  22.            (lambda (out)
  23.              (display "\
  24. *filter
  25. :INPUT DROP
  26. :FORWARD DROP
  27. :OUTPUT ACCEPT
  28. -A INPUT -i lo -j ACCEPT
  29. -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n" out)
  30.  
  31.              ;; tcp rules
  32.              (when (not (null? (list #$@tcp)))
  33.                (format out "\
  34. ~{-A INPUT -p tcp --dport ~a -j ACCEPT~%~}"
  35.                        (list #$@tcp)))
  36.              
  37.              ;; udp rules
  38.              (when (not (null? (list #$@udp)))
  39.                (format out "\
  40. ~{-A INPUT -p udp --dport ~a -j ACCEPT~%~}"
  41.                        (list #$@udp)))
  42.              (display "COMMIT\n" out)
  43.              #t))))))
  44.  
  45. (define firewall-shepherd-service
  46.   (match-lambda
  47.     (($ <firewall-configuration> tcp udp)
  48.      (let* ((iptables-restore (file-append iptables "/sbin/iptables-restore"))
  49.             (ip6tables-restore (file-append iptables "/sbin/ip6tables-restore"))
  50.             (ruleset (firewall-configuration->file tcp udp)))
  51.        (shepherd-service
  52.         (documentation "Easy firewall management")
  53.         (provision '(firewall))
  54.         (start #~(lambda _
  55.                    (invoke #$iptables-restore  #$ruleset)
  56.                    (invoke #$ip6tables-restore #$ruleset)))
  57.         (stop #~(lambda _
  58.                   (invoke #$iptables-restore #$ruleset)
  59.                   (invoke #$ip6tables-restore #$ruleset))))))))
  60.  
  61. (define firewall-service-type
  62.   (service-type
  63.    (name 'firewall)
  64.    (description
  65.     "Run @command{iptables-restore}, setting up the specified rules.")
  66.    (extensions
  67.     (list (service-extension shepherd-root-service-type
  68.                              (compose list firewall-shepherd-service))))))
  69.  
  70.  
  71. ;;; networking.scm ends here
  72.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!