-rw-r--r-- | hosts/darkstar/default.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index a3d82e1..b9b4e39 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -95,7 +95,7 @@
 systemd.services."nftables-extra" = {
 description = "nftables extra firewall rules";
 script = ''
- ${pkgs.nftables}/bin/nft -a list chain inet nixos-fw input | ${pkgs.gnugrep}/bin/grep @anveo | ${pkgs.gnugrep}/bin/grep -Eo 'handle [[:digit:]]+$' | ${pkgs.gnused}/bin/sed -e 's/^handle //' | while read handle; do ${pkgs.nftables}/bin/nft delete rule inet nixos-fw input handle ${handle}; done
+ ${pkgs.nftables}/bin/nft -a list chain inet nixos-fw input | ${pkgs.gnugrep}/bin/grep @anveo | ${pkgs.gnugrep}/bin/grep -Eo 'handle [[:digit:]]+$' | ${pkgs.gnused}/bin/sed -e 's/^handle //' | while read handle; do ${pkgs.nftables}/bin/nft delete rule inet nixos-fw input handle ''${handle}; done
 if ${pkgs.nftables}/bin/nft list set inet nixos-fw anveo 2>/dev/null; then ${pkgs.nftables}/bin/nft delete set inet nixos-fw anveo; fi
 if ${pkgs.nftables}/bin/nft list ct helpers table inet nixos-fw | ${pkgs.gnugrep}/bin/grep -qE '^[[:space:]]*ct helper sip-5060 {$'; then ${pkgs.nftables}/bin/nft delete ct helper inet nixos-fw sip-5060; fi
 ${pkgs.nftables}/bin/nft add ct helper inet nixos-fw sip-5060 '{type "sip" protocol udp;}' |
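Review bot: The `grep @anveo` stage on the added line is an unanchored substring match over the rendered rule text, so a rule in `inet nixos-fw input` that references a different set whose name merely begins with `anveo` would have its handle picked up and be deleted along with the intended ones. Matching the set reference as a fixed whole word narrows this: `${pkgs.gnugrep}/bin/grep -Fw -- '@anveo'`. The loop would also be safer as `while read -r handle`, and since only the last pipeline stage decides the exit status, a failing `nft -a list chain` goes unnoticed unless the script's shell options (not visible in this hunk) enable pipefail. The `script = ''` string opens inside the hunk and closes outside it, so the rest of the rule re-creation is not reviewed here.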