MirrorHub/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-16 14:54:29 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

firewall.nix: Don't fail if IPv6 is disabled

Browse source
This commit is contained in:
Eelco Dolstra 2012-10-19 15:21:06 -04:00 committed by Rob Vermaas
parent 1c28b86749
commit e078117c72
1 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
modules/services/networking/firewall.nix
View file

@ -340,9 +340,11 @@ in
# Accept all ICMPv6 messages except redirects and node
# information queries (type 139). See RFC 4890, section
# 4.4.
ip6tables -A nixos-fw -p icmpv6 --icmpv6-type redirect -j DROP
ip6tables -A nixos-fw -p icmpv6 --icmpv6-type 139 -j DROP
ip6tables -A nixos-fw -p icmpv6 -j nixos-fw-accept
${optionalString config.networking.enableIPv6 ''
ip6tables -A nixos-fw -p icmpv6 --icmpv6-type redirect -j DROP
ip6tables -A nixos-fw -p icmpv6 --icmpv6-type 139 -j DROP
ip6tables -A nixos-fw -p icmpv6 -j nixos-fw-accept
''}
${cfg.extraCommands}