-rw-r--r--router.nix27
1 files changed, 8 insertions, 19 deletions
diff --git a/router.nix b/router.nix
index 79c4f7b..9157380 100644
--- a/router.nix
+++ b/router.nix
@@ -1,4 +1,7 @@
-{ config, pkgs, inputs, ... }:
+{ config, pkgs, inputs, lib, ... }:
+let
+ internalInterfaces = [ "ethlan" "wlan" "docker0" "wglan" ];
+in
{
boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = true;
@@ -12,28 +15,14 @@
67
51829
];
- extraForwardRules = ''
- iifname "ethlan" oifname "wlan-staff" accept
- iifname "ethlan" oifname "wlan-guest" accept
- iifname "ethlan" oifname "wglan" accept
-
- iifname "wlan-staff" oifname "ethlan" accept
- iifname "wlan-staff" oifname "wlan-guest" accept
- iifname "wlan-staff" oifname "wglan" accept
-
- iifname "wlan-guest" oifname "ethlan" accept
- iifname "wlan-guest" oifname "wlan-staff" accept
- iifname "wlan-guest" oifname "wglan" accept
-
- iifname "wglan" oifname "ethlan" accept
- iifname "wglan" oifname "wlan-staff" accept
- iifname "wglan" oifname "wlan-guest" accept
- '';
+ extraForwardRules = lib.concatStringsSep "\n" (lib.concatMap (iif: (lib.concatMap (oif:
+ if iif == oif then [] else [ ''iifname "${iif}" oifname "${oif}" accept'' ]
+ ) internalInterfaces)) internalInterfaces);
};
nat = {
enable = true;
externalInterface = "wan";
- internalInterfaces = [ "ethlan" "wlan" "docker0" "wglan" ];
+ inherit internalInterfaces;
forwardPorts = [
{
sourcePort = 80;
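Review bot: The generated `extraForwardRules` (the `lib.concatMap` lines) is not equivalent to the rule set it replaces: the removed rules covered `ethlan`, `wlan-staff`, `wlan-guest` and `wglan`, while `internalInterfaces` is `ethlan`, `wlan`, `docker0`, `wglan`. As a result `docker0` now gets an accept rule to and from every other internal segment, and `wlan-staff`/`wlan-guest` no longer match any rule, so if those interfaces still exist their forwarded traffic falls to the forward chain's default, which is not visible in this hunk. Reusing the list for `nat.internalInterfaces` also means that any interface later added for masquerading silently gains full lateral forwarding to the other segments. Consider a separate binding for the forward mesh, for example `forwardMesh = [ "ethlan" "wlan" "wglan" ];`, with a comment such as `# every pair in this list may forward to each other; keep container/guest segments out unless intended`. The `nat` block continues outside the hunk.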