firewall: clear rpfilter on stop

2024-11-02 07:31:26 +00:00 · 2014-11-14 09:07:18 +02:00 · 2014-11-14 09:07:18 +02:00 · 53b24d0c95
commit 53b24d0c95
parent ea49ac0496
1 changed files with 6 additions and 0 deletions
--- a/nixos/modules/services/networking/firewall.nix
+++ b/nixos/modules/services/networking/firewall.nix
@ -187,6 +187,12 @@ let
    # Clean up after added ruleset
    ip46tables -D INPUT -j nixos-fw 2>/dev/null || true

+    ${optionalString (kernelHasRPFilter && cfg.checkReversePath) ''
+      if ! ip46tables -D PREROUTING -t raw -m rpfilter --invert -j DROP; then
+        echo "<2>failed to stop rpfilter support" >&2
+      fi
+    ''}
+
    ${cfg.extraStopCommands}
  '';