nixos/nat: add dmzHost option (#32257)

NixOS · Dec 4, 2017 · 4f8a65a · 4f8a65a
1 parent 13797ff
commit 4f8a65a
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix
@@ -53,6 +53,12 @@ let
         -j DNAT --to-destination ${fwd.destination}
     '') cfg.forwardPorts}
 
+    ${optionalString (cfg.dmzHost != null) ''
+      iptables -w -t nat -A nixos-nat-pre \
+        -i ${cfg.externalInterface} -j DNAT \
+	--to-destination ${cfg.dmzHost}
+    ''}
+
     # Append our chains to the nat tables
     iptables -w -t nat -A PREROUTING -j nixos-nat-pre
     iptables -w -t nat -A POSTROUTING -j nixos-nat-post
@@ -153,6 +159,17 @@ in
         '';
     };
 
+    networking.nat.dmzHost = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      example = "10.0.0.1";
+      description =
+        ''
+          The local IP address to which all traffic that does not match any
+          forwarding rule is forwarded.
+        '';
+    };
+
   };