author | tv <tv@krebsco.de> | 2016-02-08 02:19:38 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2016-02-08 02:24:17 +0100 |
commit | 356bb8e0d3f9add02e177a3bdfa9314e1369748e (patch) | |
tree | 193afca4018d76c58aeccc3a05cdcbd623c80b36 /tv/3modules/iptables.nix | |
parent | 7f7256a76f5698a9f8599ce71780f47ab13590f4 (diff) |
tv.iptables: redirect 11423 locally too
Diffstat (limited to 'tv/3modules/iptables.nix')
-rw-r--r-- | tv/3modules/iptables.nix | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix
index 9d5b5d075..a4ebef44f 100644
--- a/tv/3modules/iptables.nix
+++ b/tv/3modules/iptables.nix
@@ -68,12 +68,13 @@ let
 :INPUT ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 :POSTROUTING ACCEPT [0:0]
- ${concatMapStringsSep "\n" (rule: "-A PREROUTING ${rule}") ([]
- ++ [
- "! -i retiolum -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0"
- "-p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22"
- ]
- )}
+ ${concatMapStringsSep "\n" (rule: "-A PREROUTING ${rule}") [
+ "! -i retiolum -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0"
+ "-p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22"
+ ]}
+ ${concatMapStringsSep "\n" (rule: "-A OUTPUT ${rule}") [
+ "-o lo -p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22"
+ ]}
 COMMIT
 *filter
 :INPUT DROP [0:0] |
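Review bot: The new OUTPUT list repeats the `-p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22` rule body already present in the PREROUTING list, so the port pair now lives in two string literals that have to be edited together. Binding it once in the enclosing `let` (which begins outside this hunk), e.g. `sshRedirect = "-p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22";`, and writing the OUTPUT entry as `"-o lo ${sshRedirect}"` would keep the two chains from drifting apart. The OUTPUT list also deserves a short comment inside it, such as `# locally generated packets do not traverse nat PREROUTING, so loopback needs its own rule`, because the reason for the second chain is not obvious from the rule text. Since the trailing context shows `:INPUT DROP` for the filter table, it is worth confirming that the filter rules outside this hunk accept the redirected loopback connection on port 22.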