From 63e1dc6ace14f9e006d1196d2a2278d76034bf7a Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Mon, 18 Nov 2024 14:16:38 +0100 Subject: [PATCH] nixos/networkd: warn about naively replacing IPForward See https://github.com/systemd/systemd/issues/33414. The way this was phrased sounded like a dumb search/replace operation to me. This resulted in random parts of my routing being broken (forward from if X -> Y being fine, but the opposite direction being broken). This change makes it explicit that it's a little more complicated and you should really consult the docs before making that change. (cherry picked from commit 06f50f4adf5f96efc6926681ee7143c038e2abbc) --- nixos/modules/system/boot/networkd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 130d6098b1e2..715425b0dc6d 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -716,7 +716,7 @@ let (assertValueOneOf "EmitLLDP" (boolValues ++ ["nearest-bridge" "non-tpmr-bridge" "customer-bridge"])) (assertValueOneOf "UseDomains" (boolValues ++ ["route"])) (assertValueOneOf "DNSDefaultRoute" boolValues) - (assertRemoved "IPForward" "IPv4Forwarding and IPv6Forwarding in systemd.network(5) and networkd.conf(5)") + (assertRemoved "IPForward" "IPv4Forwarding and IPv6Forwarding in systemd.network(5) and networkd.conf(5). Please note that setting these options on multiple interfaces may lead to unintended results, see https://github.com/systemd/systemd/issues/33414 or the relevant sections in systemd.network(5).") (assertValueOneOf "IPv4Forwarding" boolValues) (assertValueOneOf "IPv6Forwarding" boolValues) (assertValueOneOf "IPMasquerade" (boolValues ++ ["ipv4" "ipv6" "both"]))