networking/nftables: enable flushRuleset by default if rulset{,File} used

Maciej Krüger 2023-03-27 20:09:46 +02:00
parent 55213b54f0
commit a1dd69d761
No known key found for this signature in database
GPG key ID: 0D948CE19CF49C5F


@ -229,7 +229,8 @@ in
boot.blacklistedKernelModules = [ "ip_tables" ];
environment.systemPackages = [ pkgs.nftables ];
networking.networkmanager.firewallBackend = mkDefault "nftables";
networking.nftables.flushRuleset = mkDefault (versionOlder config.system.stateVersion "23.11");
# versionOlder for backportability, remove afterwards
networking.nftables.flushRuleset = mkDefault (versionOlder config.system.stateVersion "23.11" || (cfg.rulesetFile != null || cfg.ruleset != ""));
systemd.services.nftables = {
description = "nftables firewall";
before = [ "network-pre.target" ];
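Review bot: The comment above the new `networking.nftables.flushRuleset` default explains only the `versionOlder` clause, not why a set `ruleset`/`rulesetFile` turns flushing on, and a ruleset flush clears every loaded table, including ones installed by other services. I would spell that out, e.g. `# flush when a complete ruleset/rulesetFile is supplied, since it is meant to replace whatever is loaded; the versionOlder clause exists only for backports and can be dropped afterwards`. The inner parentheses are redundant, so the condition can read `versionOlder config.system.stateVersion "23.11" || cfg.rulesetFile != null || cfg.ruleset != ""`. The option declaration is outside this hunk; if it carries a description or `defaultText`, it presumably needs to state the new conditional default so that users who depend on tables managed outside this module know to set `flushRuleset = false`.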