diff --git a/pkgs/by-name/ni/nixos-firewall-tool/nixos-firewall-tool.sh b/pkgs/by-name/ni/nixos-firewall-tool/nixos-firewall-tool.sh
new file mode 100755
index 000000000000..17e7ce8a724c
--- /dev/null
+++ b/pkgs/by-name/ni/nixos-firewall-tool/nixos-firewall-tool.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ip46tables() {
+ iptables -w "$@"
+ ip6tables -w "$@"
+
+}
+
+show_help() {
+ echo "nixos-firewall-tool"
+ echo ""
+ echo "Can temporarily manipulate the NixOS firewall"
+ echo ""
+ echo "Open TCP port:"
+ echo " nixos-firewall-tool open tcp 8888"
+ echo ""
+ echo "Show all firewall rules:"
+ echo " nixos-firewall-tool show"
+ echo ""
+ echo "Open UDP port:"
+ echo " nixos-firewall-tool open udp 51820"
+ echo ""
+ echo "Reset firewall configuration to system settings:"
+ echo " nixos-firewall-tool reset"
+}
+
+if [[ -z ${1+x} ]]; then
+ show_help
+ exit 1
+fi
+
+case $1 in
+ "open")
+ protocol="$2"
+ port="$3"
+
+ ip46tables -I nixos-fw -p "$protocol" --dport "$port" -j nixos-fw-accept
+ ;;
+ "show")
+ ip46tables --numeric --list nixos-fw
+ ;;
+ "reset")
+ systemctl restart firewall.service
+ ;;
+ -h|--help|help)
+ show_help
+ exit 0
+ ;;
+ *)
+ show_help
+ exit 1
+ ;;
+esac
diff --git a/pkgs/by-name/ni/nixos-firewall-tool/package.nix b/pkgs/by-name/ni/nixos-firewall-tool/package.nix
new file mode 100644
index 000000000000..78af5cb8d571
--- /dev/null
+++ b/pkgs/by-name/ni/nixos-firewall-tool/package.nix
@@ -0,0 +1,15 @@
+{ writeShellApplication, iptables, lib }:
+
+writeShellApplication {
+ name = "nixos-firewall-tool";
+ text = builtins.readFile ./nixos-firewall-tool.sh;
+ runtimeInputs = [
+ iptables
+ ];
+
+ meta = with lib; {
+ description = "Temporarily manipulate the NixOS firewall";
+ license = licenses.mit;
+ maintainers = with maintainers; [ clerie ]; 
+ };
+}
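Review bot: The `open` arm reads `$2` and `$3` without checking they were supplied, so `nixos-firewall-tool open tcp` aborts with bash's `$3: unbound variable` from `set -u` instead of the usage text, and a bad protocol or port is only rejected by iptables itself. Because `ip46tables` runs iptables and then ip6tables, a value that the first family accepts and the second rejects would leave the rule half-applied, though whether such values exist depends on iptables and I have not verified it. Validate before touching the rule set: `(( $# == 3 )) || { show_help; exit 1; }` followed by `[[ $protocol == tcp || $protocol == udp ]] && [[ $port =~ ^[0-9]+$ ]] || { show_help; exit 1; }`. The help text says "temporarily" but a rule inserted by `open` stays in place until `reset` or a firewall restart; a line in `show_help` such as `echo "Opened ports stay open until 'reset' or the firewall service is restarted"` would make that explicit.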
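Review bot: `runtimeInputs` lists only iptables, but the script's `reset` arm calls `systemctl`, which will therefore be resolved from the caller's PATH rather than from a pinned package. If that is intended because the tool only makes sense on a NixOS host, a comment on the `runtimeInputs` list such as `# systemctl is deliberately taken from the host PATH; this tool only targets NixOS` would record the decision; otherwise add the systemd package to the list. Separately, writeShellApplication prepends its own shebang and strict-mode `set` header to `text`, so the `#!/usr/bin/env bash` and `set -euo pipefail` lines read from the script file end up as a stray comment and a duplicate in the generated wrapper; harmless as far as I can tell, but worth a comment so the redundancy is not mistaken for an error.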