Diffstat (limited to 'nixos/modules/services/networking/nat.nix')
-rw-r--r-- | nixos/modules/services/networking/nat.nix | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix index 3d3899a5c41..7f4094de12f 100644 --- a/nixos/modules/services/networking/nat.nix +++ b/nixos/modules/services/networking/nat.nix @@ -95,26 +95,26 @@ in preStart = '' - iptables -t nat -F PREROUTING - iptables -t nat -F POSTROUTING - iptables -t nat -X + iptables -w -t nat -F PREROUTING + iptables -w -t nat -F POSTROUTING + iptables -w -t nat -X # We can't match on incoming interface in POSTROUTING, so # mark packets coming from the external interfaces. ${concatMapStrings (iface: '' - iptables -t nat -A PREROUTING \ + iptables -w -t nat -A PREROUTING \ -i '${iface}' -j MARK --set-mark 1 '') cfg.internalInterfaces} # NAT the marked packets. ${optionalString (cfg.internalInterfaces != []) '' - iptables -t nat -A POSTROUTING -m mark --mark 1 \ + iptables -w -t nat -A POSTROUTING -m mark --mark 1 \ -o ${cfg.externalInterface} ${dest} ''} # NAT packets coming from the internal IPs. ${concatMapStrings (range: '' - iptables -t nat -A POSTROUTING \ + iptables -w -t nat -A POSTROUTING \ -s '${range}' -o ${cfg.externalInterface} ${dest} '') cfg.internalIPs} @@ -123,9 +123,9 @@ in postStop = '' - iptables -t nat -F PREROUTING - iptables -t nat -F POSTROUTING - iptables -t nat -X + iptables -w -t nat -F PREROUTING + iptables -w -t nat -F POSTROUTING + iptables -w -t nat -X ''; }; }; |
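Review bot: The `-F PREROUTING`, `-F POSTROUTING` and bare `-X` calls at the top of `preStart`, repeated in the `postStop` hunk, still clear the whole nat table rather than only the rules this module adds. Adding `-w` suggests other programs are expected to use iptables at the same time; if so, any NAT rules they placed in these built-in chains, and any unreferenced user chains they created in the nat table, are removed each time this unit starts or stops. I would keep the module's rules in chains of its own, jumped to from PREROUTING and POSTROUTING, and flush and delete only those, as sketched below with placeholder chain names. The `preStart` script continues past the end of the first hunk, so whatever follows the NAT rules there is not covered by this sketch.

```nix
preStart =
  ''
    # Chain names are placeholders. Rules live in chains owned by this
    # module, so start/stop never flushes rules installed by other services.
    for c in nat-module-pre nat-module-post; do
      iptables -w -t nat -N "$c" 2>/dev/null || iptables -w -t nat -F "$c"
    done
    iptables -w -t nat -C PREROUTING -j nat-module-pre 2>/dev/null \
      || iptables -w -t nat -A PREROUTING -j nat-module-pre
    iptables -w -t nat -C POSTROUTING -j nat-module-post 2>/dev/null \
      || iptables -w -t nat -A POSTROUTING -j nat-module-post

    # … MARK and NAT rules as in the hunk, appended to nat-module-pre / nat-module-post …

postStop =
  ''
    # Remove only the jumps and chains this module created.
    iptables -w -t nat -D PREROUTING -j nat-module-pre 2>/dev/null || true
    iptables -w -t nat -D POSTROUTING -j nat-module-post 2>/dev/null || true
    for c in nat-module-pre nat-module-post; do
      iptables -w -t nat -F "$c" 2>/dev/null || true
      iptables -w -t nat -X "$c" 2>/dev/null || true
    done
  '';
```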