diff options
| author | Mathijs Kwik <mathijs@bluescreen303.nl> | 2017-11-19 22:11:32 +0100 |
|---|---|---|
| committer | Mathijs Kwik <mathijs@bluescreen303.nl> | 2017-11-19 22:24:56 +0100 |
| commit | 05761e9504a97d6ffa404508f83b91cc689a3f23 (patch) | |
| tree | 0aa405f6922f20a7fb67832bce0b1d85302fd47e /nixos/modules/services/networking/firewall.nix | |
| parent | 944f35741cc6c38d1f9c1fcd71bbeec745d43f0c (diff) | |
| download | nixpkgs-05761e9504a97d6ffa404508f83b91cc689a3f23.tar nixpkgs-05761e9504a97d6ffa404508f83b91cc689a3f23.tar.gz nixpkgs-05761e9504a97d6ffa404508f83b91cc689a3f23.tar.bz2 nixpkgs-05761e9504a97d6ffa404508f83b91cc689a3f23.tar.lz nixpkgs-05761e9504a97d6ffa404508f83b91cc689a3f23.tar.xz nixpkgs-05761e9504a97d6ffa404508f83b91cc689a3f23.tar.zst nixpkgs-05761e9504a97d6ffa404508f83b91cc689a3f23.zip | |
firewall: fix rpfilter blocking dhcp offers when no ip was bound yet
Diffstat (limited to 'nixos/modules/services/networking/firewall.nix')
| -rw-r--r-- | nixos/modules/services/networking/firewall.nix | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index 9bd88ca1707..bce48c8f65e 100644 --- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -125,6 +125,9 @@ let ip46tables -t raw -N nixos-fw-rpfilter 2> /dev/null || true ip46tables -t raw -A nixos-fw-rpfilter -m rpfilter ${optionalString (cfg.checkReversePath == "loose") "--loose"} -j RETURN + # Allows this host to act as a DHCP4 client without first having to use APIPA + iptables -t raw -A nixos-fw-rpfilter -p udp --sport 67 --dport 68 -j RETURN + # Allows this host to act as a DHCPv4 server iptables -t raw -A nixos-fw-rpfilter -s 0.0.0.0 -d 255.255.255.255 -p udp --sport 68 --dport 67 -j RETURN |