diff options
author | Sandro <sandro.jaeckel@gmail.com> | 2021-08-08 15:03:26 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-08-08 15:03:26 +0200 |
commit | b739a14b37354c313ad591436978ce2f610e185e (patch) | |
tree | bb2c101f2bda8eb1b55dfe824b60dc28f85391ad /nixos/modules/services/networking | |
parent | 611bc7c23b1ec86f12f2d2cd8a79f965b51d0432 (diff) | |
parent | 19b1eac1b07b2c13555593fa4fbc53cffc61952c (diff) | |
download | nixpkgs-b739a14b37354c313ad591436978ce2f610e185e.tar nixpkgs-b739a14b37354c313ad591436978ce2f610e185e.tar.gz nixpkgs-b739a14b37354c313ad591436978ce2f610e185e.tar.bz2 nixpkgs-b739a14b37354c313ad591436978ce2f610e185e.tar.lz nixpkgs-b739a14b37354c313ad591436978ce2f610e185e.tar.xz nixpkgs-b739a14b37354c313ad591436978ce2f610e185e.tar.zst nixpkgs-b739a14b37354c313ad591436978ce2f610e185e.zip |
Merge pull request #121906 from ymarkus/nixos-mullvad
nixos/mullvad-vpn: fix firewall issues & remove xfix as maintainer
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/mullvad-vpn.nix | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/mullvad-vpn.nix b/nixos/modules/services/networking/mullvad-vpn.nix index 8ce71f26b3e..9ec1ddc929e 100644 --- a/nixos/modules/services/networking/mullvad-vpn.nix +++ b/nixos/modules/services/networking/mullvad-vpn.nix @@ -9,6 +9,7 @@ with lib; default = false; description = '' This option enables Mullvad VPN daemon. + This sets <option>networking.firewall.checkReversePath</option> to "loose", which might be undesirable for security. ''; }; @@ -18,6 +19,9 @@ with lib; # mullvad-daemon writes to /etc/iproute2/rt_tables networking.iproute2.enable = true; + # See https://github.com/NixOS/nixpkgs/issues/113589 + networking.firewall.checkReversePath = "loose"; + systemd.services.mullvad-daemon = { description = "Mullvad VPN daemon"; wantedBy = [ "multi-user.target" ]; @@ -42,5 +46,5 @@ with lib; }; }; - meta.maintainers = [ maintainers.xfix ]; + meta.maintainers = with maintainers; [ ymarkus ]; } |