nixos/firewall: fix inverted assertion for reverse path filtering

Previously the assertion passed if the kernel had support OR the
filter was *enabled*. In the case of a kernel without support, the
`checkReversePath` option defaulted to false, and then failed the
assertion.

nixos/modules/services/networking/firewall.nix

@@ -555,7 +555,7 @@ in
       options nf_conntrack nf_conntrack_helper=1
     '';
 
-    assertions = [ { assertion = (cfg.checkReversePath != false) || kernelHasRPFilter;
+    assertions = [ { assertion = cfg.checkReversePath -> kernelHasRPFilter;
                      message = "This kernel does not support rpfilter"; }
                  ];