diff options
| author | Maciej Krüger <mkg20001@gmail.com> | 2023-03-27 20:09:46 +0200 |
|---|---|---|
| committer | Maciej Krüger <mkg20001@gmail.com> | 2023-08-28 00:40:21 +0200 |
| commit | a1dd69d7615feb8d3f6ddc63351849f279344395 (patch) | |
| tree | 19b1923a69eff02b0f723d8f3417460b2e02a2a6 | |
| parent | 55213b54f0ebb96250021a8788e36126174ca8a7 (diff) | |
| download | nixpkgs-a1dd69d7615feb8d3f6ddc63351849f279344395.tar nixpkgs-a1dd69d7615feb8d3f6ddc63351849f279344395.tar.gz nixpkgs-a1dd69d7615feb8d3f6ddc63351849f279344395.tar.bz2 nixpkgs-a1dd69d7615feb8d3f6ddc63351849f279344395.tar.lz nixpkgs-a1dd69d7615feb8d3f6ddc63351849f279344395.tar.xz nixpkgs-a1dd69d7615feb8d3f6ddc63351849f279344395.tar.zst nixpkgs-a1dd69d7615feb8d3f6ddc63351849f279344395.zip | |
networking/nftables: enable flushRuleset by default if rulset{,File} used
| -rw-r--r-- | nixos/modules/services/networking/nftables.nix | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/nftables.nix b/nixos/modules/services/networking/nftables.nix index 2107448131e..cf32876c2c5 100644 --- a/nixos/modules/services/networking/nftables.nix +++ b/nixos/modules/services/networking/nftables.nix @@ -229,7 +229,8 @@ in boot.blacklistedKernelModules = [ "ip_tables" ]; environment.systemPackages = [ pkgs.nftables ]; networking.networkmanager.firewallBackend = mkDefault "nftables"; - networking.nftables.flushRuleset = mkDefault (versionOlder config.system.stateVersion "23.11"); + # versionOlder for backportability, remove afterwards + networking.nftables.flushRuleset = mkDefault (versionOlder config.system.stateVersion "23.11" || (cfg.rulesetFile != null || cfg.ruleset != "")); systemd.services.nftables = { description = "nftables firewall"; before = [ "network-pre.target" ]; |