author | Andrew Childs <lorne@cons.org.nz> | 2019-11-17 13:48:53 +0900 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2020-03-14 04:32:07 +0000 |
commit | 2c121f421551355d3ea61e4b83ea269df83f2027 (patch) | |
tree | edb7057ece48191ba72050183cb7d6d8f7869a29 /nixos/modules/services/networking/firewall.nix | |
parent | 7ed8a2c7f55d725f3eb590464f6659cea55e28ed (diff) | |
nixos/firewall: fix inverted assertion for reverse path filtering
Previously the assertion passed if the kernel had support OR the filter was *enabled*. In the case of a kernel without support, the `checkReversePath` option defaulted to false, and then failed the assertion.
Diffstat (limited to 'nixos/modules/services/networking/firewall.nix')
-rw-r--r-- | nixos/modules/services/networking/firewall.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index 15aaf741067..b0045ff795e 100644 --- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -546,7 +546,7 @@ in options nf_conntrack nf_conntrack_helper=1 ''; - assertions = [ { assertion = (cfg.checkReversePath != false) || kernelHasRPFilter; + assertions = [ { assertion = cfg.checkReversePath -> kernelHasRPFilter; message = "This kernel does not support rpfilter"; } ]; |
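Review bot: The new assertion `cfg.checkReversePath -> kernelHasRPFilter` uses the option's value directly as the left operand of `->`, whereas the removed line compared it with `!= false`. Nix's `->` operator requires a boolean on both sides, so if `checkReversePath` can hold anything other than `true` or `false` (the old `!= false` comparison suggests it may), evaluation will abort with a type error instead of reaching the assertion message. Keeping the comparison and changing only the operator avoids that: `assertion = (cfg.checkReversePath != false) -> kernelHasRPFilter;`. It would also help to extend the message "This kernel does not support rpfilter" to name the option, so that a user on such a kernel knows to set `checkReversePath` to false.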