Unverified Commit bf757cef authored by Maciej Krüger's avatar Maciej Krüger Committed by GitHub

Revert "nixos/firewall: fix reverse path check failures with IPsec" (#339393)

parents e68d6831 361fde84
+0 −3
@@ -123,9 +123,6 @@ let
      # Allows this host to act as a DHCP4 client without first having to use APIPA
      iptables -t mangle -A nixos-fw-rpfilter -p udp --sport 67 --dport 68 -j RETURN

      # Allows decrypted packets from an IPsec VPN
      ip46tables -t mangle -A nixos-fw-rpfilter -m policy --dir in --pol ipsec -j RETURN

      # Allows this host to act as a DHCPv4 server
      iptables -t mangle -A nixos-fw-rpfilter -s 0.0.0.0 -d 255.255.255.255 -p udp --sport 68 --dport 67 -j RETURN

+0 −6
@@ -82,11 +82,6 @@ in
      }
    ];

    networking.nftables.preCheckRuleset = ''
      # can't validate IPsec rules
      sed '/meta ipsec/d' -i ruleset.conf
    '';

    networking.nftables.tables."nixos-fw".family = "inet";
    networking.nftables.tables."nixos-fw".content = ''
        ${optionalString (cfg.checkReversePath != false) ''
@@ -94,7 +89,6 @@ in
            type filter hook prerouting priority mangle + 10; policy drop;

            meta nfproto ipv4 udp sport . udp dport { 67 . 68, 68 . 67 } accept comment "DHCPv4 client/server"
            meta ipsec exists accept comment "decrypted packets from an IPsec VPN"
            fib saddr . mark ${optionalString (cfg.checkReversePath != "loose") ". iif"} oif exists accept

            jump rpfilter-allow