author | Nikolay Amiantov <ab@fmap.me> | 2018-04-17 12:40:05 +0300 |
---|---|---|
committer | Nikolay Amiantov <ab@fmap.me> | 2018-04-17 12:41:36 +0300 |
commit | b81aa02800795724fe0a01e7544c49b04a40994a (patch) | |
tree | a01e647052ea87f9b4b9e5afa7d10991cc052e83 /nixos/modules/services/networking/firewall.nix | |
parent | e0c9a255882e7a9da4604aeb561f28c72046fece (diff) | |
firewall service: run stop commands in reload
Do cleanup of user-created additional rules. Of course it'd be much better to just use iptables-{save,restore} for declarative management, but as it's still not there...
Diffstat (limited to 'nixos/modules/services/networking/firewall.nix')
-rw-r--r-- | nixos/modules/services/networking/firewall.nix | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index 20c0b0acf16..c4bd0e7f9ee 100644 --- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -242,6 +242,9 @@ let # Don't allow traffic to leak out until the script has completed ip46tables -A INPUT -j nixos-drop + + ${cfg.extraStopCommands} + if ${startScript}; then ip46tables -D INPUT -j nixos-drop 2>/dev/null || true else |
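Review bot: the added `${cfg.extraStopCommands}` line runs outside the `if ${startScript}; then ... else` conditional, so a failing user stop command is not covered by the error handling visible here. On reload the user's rules may already be absent, for example when a stop command deletes a rule that was never created, and whether that aborts the script or is silently ignored depends on the shell error mode, which this hunk does not show. If an abort is possible it would happen after `ip46tables -A INPUT -j nixos-drop` and before the `-D`, leaving INPUT dropping traffic. Consider documenting that stop commands must tolerate missing rules, in the same way the `-D INPUT -j nixos-drop 2>/dev/null || true` line does, or guarding the interpolation. A one-line comment above the new line saying it cleans up rules from `extraCommands` before the start script re-adds them would also match the commented line just before it.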