From 714fdb425a90630517056552d77fa4ccb8fadae7 Mon Sep 17 00:00:00 2001
From: Shea Levy <shea@shealevy.com>
Date: Mon, 6 Feb 2017 16:43:23 -0500
Subject: firewall: Fix check for rpfilter on manual-config kernels

---
 nixos/modules/services/networking/firewall.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'nixos/modules/services/networking/firewall.nix')

diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix
index 34b731ad35c..243cd04c96c 100644
--- a/nixos/modules/services/networking/firewall.nix
+++ b/nixos/modules/services/networking/firewall.nix
@@ -38,9 +38,9 @@ let
 
   cfg = config.networking.firewall;
 
-  kernelPackages = config.boot.kernelPackages;
+  inherit (config.boot.kernelPackages) kernel;
 
-  kernelHasRPFilter = kernelPackages.kernel.features.netfilterRPFilter or false;
+  kernelHasRPFilter = ((kernel.config.isEnabled or (x: false)) "IP_NF_MATCH_RPFILTER") || (kernel.features.netfilterRPFilter or false);
 
   helpers =
     ''
-- 
cgit 1.4.1