diff options
author | 宋文武 <iyzsong@member.fsf.org> | 2019-09-13 17:53:59 +0800 |
---|---|---|
committer | 宋文武 <iyzsong@member.fsf.org> | 2019-09-18 19:04:59 +0800 |
commit | 3c4f5ad7f403cc5ff0524d62a8612b0decaeaeb8 (patch) | |
tree | eb0bcaf462b78f882f165b2e384b0c909ba60ba5 /doc | |
parent | 62790449e61bfdf7835790fae89e49c210a08418 (diff) | |
download | patches-3c4f5ad7f403cc5ff0524d62a8612b0decaeaeb8.tar patches-3c4f5ad7f403cc5ff0524d62a8612b0decaeaeb8.tar.gz |
services: Add nftables-service-type.
* gnu/services/networking.scm (%default-nftables-ruleset): New variable.
(<nftables-configuration>): New record type.
(nftables-shepherd-service): New procedure.
(nftables-service-type): New service type.
* doc/guix.texi (Networking Services): Document it.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/guix.texi | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 55935b3794..666ecb5b47 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -13041,6 +13041,33 @@ objects}). @end table @end deftp +@cindex nftables +@defvr {Scheme Variable} nftables-service-type +This is the service type to set up a nftables configuration. nftables is a +netfilter project that aims to replace the existing iptables, ip6tables, +arptables and ebtables framework. It provides a new packet filtering +framework, a new user-space utility @command{nft}, and a compatibility layer +for iptables. This service comes with a default ruleset +@code{%default-nftables-ruleset} that rejecting all incomming connections +except those to the ssh port 22. To use it, simply write: + +@lisp +(service nftables-service-type) +@end lisp +@end defvr + +@deftp {Data Type} nftables-configuration +The data type representing the configuration of nftables. + +@table @asis +@item @code{package} (default: @code{nftables}) +The nftables package that provides @command{nft}. +@item @code{ruleset} (default: @code{%default-nftables-ruleset}) +The nftables ruleset to use. This may be any ``file-like'' object +(@pxref{G-Expressions, file-like objects}). +@end table +@end deftp + @cindex NTP (Network Time Protocol), service @cindex ntpd, service for the Network Time Protocol daemon @cindex real time clock |