nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-02-22 20:14:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Rename back to default and better release notes

Browse Source
This commit is contained in:
Ben Blaxill 2018-11-22 19:24:23 -05:00
parent b48c6d051b
commit 308ab4ea25
2 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
nixos/doc/manual/release-notes/rl-1903.xml
View File

@ -222,9 +222,13 @@
</listitem>
<listitem>
<para>
NixOS global firewall allow options (<literal>networking.firewall.allow*</literal>)
are now preserved when setting interface specific rules such as
<literal>networking.firewall.interfaces.en0.allow*</literal>.
Network interface indiscriminate NixOS firewall options
(<literal>networking.firewall.allow*</literal>) are now preserved when also
setting interface specific rules such as <literal>networking.firewall.interfaces.en0.allow*</literal>.
These rules continue to use the pseudo device "default"
(<literal>networking.firewall.interfaces.default.*</literal>), and assigning
to this pseudo device will override the (<literal>networking.firewall.allow*</literal>)
options.
</para>
</listitem>
</itemizedlist>

12
nixos/modules/services/networking/firewall.nix
View File

@ -58,8 +58,8 @@ let
${text}
''; in "${dir}/bin/${name}";
anyInterface = { any = mapAttrs (name: value: cfg."${name}") commonOptions; };
allInterfaces = anyInterface // cfg.interfaces;
defaultInterface = { default = mapAttrs (name: value: cfg."${name}") commonOptions; };
allInterfaces = defaultInterface // cfg.interfaces;
startScript = writeShScript "firewall-start" ''
${helpers}
@ -154,7 +154,7 @@ let
${concatStrings (mapAttrsToList (iface: cfg:
concatMapStrings (port:
''
ip46tables -A nixos-fw -p tcp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "any") "-i ${iface}"}
ip46tables -A nixos-fw -p tcp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"}
''
) cfg.allowedTCPPorts
) allInterfaces)}
@ -164,7 +164,7 @@ let
concatMapStrings (rangeAttr:
let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in
''
ip46tables -A nixos-fw -p tcp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "any") "-i ${iface}"}
ip46tables -A nixos-fw -p tcp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"}
''
) cfg.allowedTCPPortRanges
) allInterfaces)}
@ -173,7 +173,7 @@ let
${concatStrings (mapAttrsToList (iface: cfg:
concatMapStrings (port:
''
ip46tables -A nixos-fw -p udp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "any") "-i ${iface}"}
ip46tables -A nixos-fw -p udp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"}
''
) cfg.allowedUDPPorts
) allInterfaces)}
@ -183,7 +183,7 @@ let
concatMapStrings (rangeAttr:
let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in
''
ip46tables -A nixos-fw -p udp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "any") "-i ${iface}"}
ip46tables -A nixos-fw -p udp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"}
''
) cfg.allowedUDPPortRanges
) allInterfaces)}