public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Add a firewall option to allow pings. (Maybe this should

Browse Source 
be enabled by default.)

svn path=/nixos/trunk/; revision=26233
This commit is contained in:
Eelco Dolstra 2011-03-09 15:28:47 +00:00
parent e4051e105c
commit 12161f3183
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
modules/services/networking/firewall.nix
View File

@ -62,6 +62,15 @@ in
''; '';
}; };
networking.firewall.allowPing = mkOption {
default = false;
type = types.bool;
description =
''
Whether to respond to incoming ICMP echo requests ("pings").
'';
};
}; };
@ -130,6 +139,12 @@ in
# stuff like neighbor/router solicitation won't work. # stuff like neighbor/router solicitation won't work.
ip6tables -A INPUT -s fe80::/10 -p icmpv6 -j ACCEPT ip6tables -A INPUT -s fe80::/10 -p icmpv6 -j ACCEPT
# Optionally respond to pings.
${optionalString cfg.allowPing ''
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT
''}
# Reject/drop everything else. # Reject/drop everything else.
ip46tables -A INPUT -j FW_REFUSE ip46tables -A INPUT -j FW_REFUSE
''; '';