author | Frederik Rietdijk <fridh@fridh.nl> | 2021-07-24 15:42:17 +0200 |
---|---|---|
committer | Frederik Rietdijk <fridh@fridh.nl> | 2021-07-24 15:42:17 +0200 |
commit | 935113fe43940c5a65e4ee85df4bb63a4761e456 (patch) | |
tree | 61eddf72923507a09e534ef6d98eeebe72762fab /nixos/modules | |
parent | ce7fd65bb8931f6aaa6efbb3de7acec347c909f1 (diff) | |
parent | f50fa1aca14268a5ac9a0c9e5ef8d8f3febe206a (diff) | |
Merge staging into staging-next
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/networking/networkmanager.nix | 10 | ||||
-rw-r--r-- | nixos/modules/services/networking/nftables.nix | 1 |
2 files changed, 11 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix
index 064018057cd..4be9fc952a8 100644
--- a/nixos/modules/services/networking/networkmanager.nix
+++ b/nixos/modules/services/networking/networkmanager.nix
@@ -49,6 +49,7 @@ let
 rc-manager = if config.networking.resolvconf.enable then "resolvconf" else "unmanaged";
+ firewall-backend = cfg.firewallBackend;
 })
 (mkSection "keyfile" {
 unmanaged-devices =
@@ -244,6 +245,15 @@ in {
 '';
 };
+ firewallBackend = mkOption {
+ type = types.enum [ "iptables" "nftables" "none" ];
+ default = "iptables";
+ description = ''
+ Which firewall backend should be used for configuring masquerading with shared mode.
+ If set to none, NetworkManager doesn't manage the configuration at all.
+ '';
+ };
+
 logLevel = mkOption {
 type = types.enum [ "OFF" "ERR" "WARN" "INFO" "DEBUG" "TRACE" ];
 default = "WARN";
diff --git a/nixos/modules/services/networking/nftables.nix b/nixos/modules/services/networking/nftables.nix
index cb75142965e..72f37c32253 100644
--- a/nixos/modules/services/networking/nftables.nix
+++ b/nixos/modules/services/networking/nftables.nix
@@ -103,6 +103,7 @@ in
 }];
 boot.blacklistedKernelModules = [ "ip_tables" ];
 environment.systemPackages = [ pkgs.nftables ];
+ networking.networkmanager.firewallBackend = mkDefault "nftables";
 systemd.services.nftables = {
 description = "nftables firewall";
 before = [ "network-pre.target" ]; |
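Review bot: The description of the new `firewallBackend` option (networkmanager.nix, hunk at `@@ -244,6 +245,15 @@`) leaves out two things an operator needs when choosing a value. With `"none"`, NetworkManager installs no masquerading rules for shared connections, so those rules have to come from the host's own firewall configuration. The declared `default = "iptables"` is also not always the effective value, because the nftables.nix hunk in this commit sets `mkDefault "nftables"`. I would add a sentence such as `With "none" the NAT and forwarding rules for shared connections must be provided by the system firewall configuration; the nftables module changes the default to "nftables".` The option set this declaration sits in starts and ends outside the hunk.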
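Review bot: The `mkDefault "nftables"` added in nftables.nix (hunk at `@@ -103,6 +103,7 @@`) can still be overridden by an explicit `networking.networkmanager.firewallBackend = "iptables"`, while two lines above it the same block blacklists the `ip_tables` kernel module. That combination evaluates cleanly, but would most likely leave a shared connection without working masquerading rules at runtime instead of failing at build time. An assertion would catch it early, for example `{ assertion = !config.networking.networkmanager.enable || config.networking.networkmanager.firewallBackend != "iptables"; message = "NetworkManager's iptables firewall backend cannot be used together with nftables."; }`. The enclosing attribute set is outside the hunk, as is any existing assertions list (the `}];` context line may be the end of one).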