authorRichard Zetterberg <rzetterberg@users.noreply.github.com>2017-03-25 16:34:02 +0100
committerRobin Gloster <mail@glob.in>2017-03-25 16:34:02 +0100
commitdc10688edbfabe516a708e6dc2341fb5cfc2d3ad (patch)
treed2dbd7c9c8b00bf7b88753721a910ff1223acc19 /nixos/modules/services/networking/nftables.nix
parentf087b7594150998652f6b7945b0ca86bceba9e79 (diff)
nftables: adds information regarding nftables and Docker (#24326)
Diffstat (limited to 'nixos/modules/services/networking/nftables.nix')
-rw-r--r--nixos/modules/services/networking/nftables.nix11
1 files changed, 11 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/nftables.nix b/nixos/modules/services/networking/nftables.nix
index 029c3df8993..56b94205414 100644
--- a/nixos/modules/services/networking/nftables.nix
+++ b/nixos/modules/services/networking/nftables.nix
@@ -17,6 +17,17 @@ in
 
           This conflicts with the standard networking firewall, so make sure to
           disable it before using nftables.
+
+          Note that if you have Docker enabled you will not be able to use
+          nftables without intervention. Docker uses iptables internally to
+          setup NAT for containers. This module disables the ip_tables kernel
+          module, however Docker automatically loads the module. Please see [1]
+          for more information.
+
+          There are other programs that use iptables internally too, such as
+          libvirt.
+
+          [1]: https://github.com/NixOS/nixpkgs/issues/24318#issuecomment-289216273
         '';
     };
     networking.nftables.ruleset = mkOption {
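Review bot: The added paragraph beginning "Note that if you have Docker enabled" says nftables cannot be used "without intervention", but it never states what the operator will observe or what the intervention is, leaving both to an issue-comment link. For a firewall option this matters: the text does not say whether the nftables service fails to start, or whether the ruleset loads while Docker's iptables NAT rules stay active alongside it. I would add one sentence naming the observed failure mode and one on how to check the result, e.g. `After enabling, confirm with "lsmod | grep ip_tables" and "nft list ruleset" that only the intended ruleset is in effect.`, and change "setup NAT" to "set up NAT". The option this description belongs to starts above the hunk, so how the module disables ip_tables is not visible here.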