summary refs log tree commit diff
path: root/nixos/modules/services/networking/firewall.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/services/networking/firewall.nix')
-rw-r--r--nixos/modules/services/networking/firewall.nix10
1 files changed, 7 insertions, 3 deletions
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix
index 15aaf741067..cdc3a172ea7 100644
--- a/nixos/modules/services/networking/firewall.nix
+++ b/nixos/modules/services/networking/firewall.nix
@@ -546,9 +546,13 @@ in
       options nf_conntrack nf_conntrack_helper=1
     '';
 
-    assertions = [ { assertion = (cfg.checkReversePath != false) || kernelHasRPFilter;
-                     message = "This kernel does not support rpfilter"; }
-                 ];
+    assertions = [
+      # This is approximately "checkReversePath -> kernelHasRPFilter",
+      # but the checkReversePath option can include non-boolean
+      # values.
+      { assertion = cfg.checkReversePath == false || kernelHasRPFilter;
+        message = "This kernel does not support rpfilter"; }
+    ];
 
     systemd.services.firewall = {
       description = "Firewall";
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-05 01:29:34 +0000