summary refs log tree commit diff
path: root/doc
diff options
context:
space:
mode:
author宋文武 <iyzsong@member.fsf.org>2019-09-13 17:53:59 +0800
committer宋文武 <iyzsong@member.fsf.org>2019-09-18 19:04:59 +0800
commit3c4f5ad7f403cc5ff0524d62a8612b0decaeaeb8 (patch)
treeeb0bcaf462b78f882f165b2e384b0c909ba60ba5 /doc
parent62790449e61bfdf7835790fae89e49c210a08418 (diff)
downloadguix-3c4f5ad7f403cc5ff0524d62a8612b0decaeaeb8.tar.gz
services: Add nftables-service-type.
* gnu/services/networking.scm (%default-nftables-ruleset): New variable.
(<nftables-configuration>): New record type.
(nftables-shepherd-service): New procedure.
(nftables-service-type): New service type.
* doc/guix.texi (Networking Services): Document it.
Diffstat (limited to 'doc')
-rw-r--r--doc/guix.texi27
1 files changed, 27 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 55935b3794..666ecb5b47 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -13041,6 +13041,33 @@ objects}).
 @end table
 @end deftp
 
+@cindex nftables
+@defvr {Scheme Variable} nftables-service-type
+This is the service type to set up a nftables configuration.  nftables is a
+netfilter project that aims to replace the existing iptables, ip6tables,
+arptables and ebtables framework.  It provides a new packet filtering
+framework, a new user-space utility @command{nft}, and a compatibility layer
+for iptables.  This service comes with a default ruleset
+@code{%default-nftables-ruleset} that rejecting all incomming connections
+except those to the ssh port 22.  To use it, simply write:
+
+@lisp
+(service nftables-service-type)
+@end lisp
+@end defvr
+
+@deftp {Data Type} nftables-configuration
+The data type representing the configuration of nftables.
+
+@table @asis
+@item @code{package} (default: @code{nftables})
+The nftables package that provides @command{nft}.
+@item @code{ruleset} (default: @code{%default-nftables-ruleset})
+The nftables ruleset to use.  This may be any ``file-like'' object
+(@pxref{G-Expressions, file-like objects}).
+@end table
+@end deftp
+
 @cindex NTP (Network Time Protocol), service
 @cindex ntpd, service for the Network Time Protocol daemon
 @cindex real time clock