From 3c4f5ad7f403cc5ff0524d62a8612b0decaeaeb8 Mon Sep 17 00:00:00 2001 From: 宋文武 Date: Fri, 13 Sep 2019 17:53:59 +0800 Subject: services: Add nftables-service-type. * gnu/services/networking.scm (%default-nftables-ruleset): New variable. (): New record type. (nftables-shepherd-service): New procedure. (nftables-service-type): New service type. * doc/guix.texi (Networking Services): Document it. --- doc/guix.texi | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'doc/guix.texi') diff --git a/doc/guix.texi b/doc/guix.texi index 55935b3794..666ecb5b47 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -13041,6 +13041,33 @@ objects}). @end table @end deftp +@cindex nftables +@defvr {Scheme Variable} nftables-service-type +This is the service type to set up a nftables configuration. nftables is a +netfilter project that aims to replace the existing iptables, ip6tables, +arptables and ebtables framework. It provides a new packet filtering +framework, a new user-space utility @command{nft}, and a compatibility layer +for iptables. This service comes with a default ruleset +@code{%default-nftables-ruleset} that rejecting all incomming connections +except those to the ssh port 22. To use it, simply write: + +@lisp +(service nftables-service-type) +@end lisp +@end defvr + +@deftp {Data Type} nftables-configuration +The data type representing the configuration of nftables. + +@table @asis +@item @code{package} (default: @code{nftables}) +The nftables package that provides @command{nft}. +@item @code{ruleset} (default: @code{%default-nftables-ruleset}) +The nftables ruleset to use. This may be any ``file-like'' object +(@pxref{G-Expressions, file-like objects}). +@end table +@end deftp + @cindex NTP (Network Time Protocol), service @cindex ntpd, service for the Network Time Protocol daemon @cindex real time clock -- cgit v1.2.3