author | Jörg Thalheim <Mic92@users.noreply.github.com> | 2019-10-16 13:39:55 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-10-16 13:39:55 +0100 |
commit | 334921ad31539786eb2aaaf71e258f51b9f4acbc (patch) | |
tree | 1a8af910cd2ce5c704d5102b0c5bd919acc60af4 /pkgs/os-specific | |
parent | 7b512c15570c17b688c59f7bf2277a72bab035d6 (diff) | |
parent | c1fd98f6267e0188ec0e23d3d1f121a16630b3cc (diff) | |
Merge pull request #66841 from Izorkin/kernel-nftables
nftables: enable all features in kernel
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index 5336ab4d977..963f3018e11 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -98,8 +98,6 @@ let
 networking = {
 NET = yes;
 IP_PNP = no;
- NETFILTER = yes;
- NETFILTER_ADVANCED = yes;
 IP_VS_PROTO_TCP = yes;
 IP_VS_PROTO_UDP = yes;
 IP_VS_PROTO_ESP = yes;
@@ -144,12 +142,25 @@ let
 KEY_DH_OPERATIONS = whenAtLeast "4.7" yes;
 # needed for nftables
- NF_TABLES_INET = whenAtLeast "4.17" yes;
- NF_TABLES_NETDEV = whenAtLeast "4.17" yes;
- NF_TABLES_IPV4 = whenAtLeast "4.17" yes;
- NF_TABLES_ARP = whenAtLeast "4.17" yes;
- NF_TABLES_IPV6 = whenAtLeast "4.17" yes;
- NF_TABLES_BRIDGE = whenBetween "4.17" "5.3" yes;
+ # Networking Options
+ NETFILTER = yes;
+ NETFILTER_ADVANCED = yes;
+ # Core Netfilter Configuration
+ NF_CONNTRACK_ZONES = yes;
+ NF_CONNTRACK_EVENTS = yes;
+ NF_CONNTRACK_TIMEOUT = yes;
+ NF_CONNTRACK_TIMESTAMP = yes;
+ NETFILTER_NETLINK_GLUE_CT = yes;
+ NF_TABLES_INET = whenAtLeast "4.19" yes;
+ NF_TABLES_NETDEV = whenAtLeast "4.19" yes;
+ # IP: Netfilter Configuration
+ NF_TABLES_IPV4 = yes;
+ NF_TABLES_ARP = whenAtLeast "4.19" yes;
+ # IPv6: Netfilter Configuration
+ NF_TABLES_IPV6 = yes;
+ # Bridge Netfilter Configuration
+ NF_TABLES_BRIDGE = mkMerge [ (whenBetween "4.19" "5.3" yes)
+ (whenAtLeast "5.3" module) ];
 # needed for ss
 INET_DIAG = yes; |
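Review bot: In the second hunk the gates on `NF_TABLES_INET`, `NF_TABLES_NETDEV`, `NF_TABLES_ARP` and `NF_TABLES_BRIDGE` move from 4.17 to 4.19 while `NF_TABLES_IPV4` and `NF_TABLES_IPV6` lose their gate entirely, and neither the hunk nor the commit message says why. If a 4.17 or 4.18 kernel is still built from this file, it would no longer get the inet, netdev, arp and bridge families requested here, so a ruleset using those tables may fail to load and leave the host without its intended filtering. A one-line comment above the gated options, such as `# gated at 4.19 because <reason>`, would make the choice reviewable. The new conntrack options (`NF_CONNTRACK_ZONES` through `NETFILTER_NETLINK_GLUE_CT`) are forced to `yes` with no version gate, so it is worth confirming that every kernel built from this file has them and their dependencies, and noting that they are built in rather than modular, which widens the netfilter surface on every system. The enclosing `networking` attribute set starts and ends outside the hunk.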