Loading nixos/modules/services/networking/nftables.nix +4 −0 Original line number Diff line number Diff line Loading @@ -83,6 +83,8 @@ in ''; }; networking.nftables.flushRuleset = mkEnableOption (lib.mdDoc "Flush the entire ruleset on each reload."); networking.nftables.ruleset = mkOption { type = types.lines; default = ""; Loading Loading @@ -209,6 +211,7 @@ in boot.blacklistedKernelModules = [ "ip_tables" ]; environment.systemPackages = [ pkgs.nftables ]; networking.networkmanager.firewallBackend = mkDefault "nftables"; networking.nftables.flushRuleset = mkDefault (versionOlder config.system.stateVersion "23.11"); systemd.services.nftables = { description = "nftables firewall"; before = [ "network-pre.target" ]; Loading @@ -222,6 +225,7 @@ in executable = true; text = '' #! ${pkgs.nftables}/bin/nft -f ${optionalString cfg.flushRuleset "flush ruleset"} ${concatStringsSep "\n" (mapAttrsToList (_: table: '' table ${table.family} ${table.name} delete table ${table.family} ${table.name} Loading Loading
nixos/modules/services/networking/nftables.nix +4 −0 Original line number Diff line number Diff line Loading @@ -83,6 +83,8 @@ in ''; }; networking.nftables.flushRuleset = mkEnableOption (lib.mdDoc "Flush the entire ruleset on each reload."); networking.nftables.ruleset = mkOption { type = types.lines; default = ""; Loading Loading @@ -209,6 +211,7 @@ in boot.blacklistedKernelModules = [ "ip_tables" ]; environment.systemPackages = [ pkgs.nftables ]; networking.networkmanager.firewallBackend = mkDefault "nftables"; networking.nftables.flushRuleset = mkDefault (versionOlder config.system.stateVersion "23.11"); systemd.services.nftables = { description = "nftables firewall"; before = [ "network-pre.target" ]; Loading @@ -222,6 +225,7 @@ in executable = true; text = '' #! ${pkgs.nftables}/bin/nft -f ${optionalString cfg.flushRuleset "flush ruleset"} ${concatStringsSep "\n" (mapAttrsToList (_: table: '' table ${table.family} ${table.name} delete table ${table.family} ${table.name} Loading
Naïm Favier <n@monade.li>