Rename back to default and better release notes

Ben Blaxill 2018-11-22 19:24:23 -05:00
parent b48c6d051b
commit 308ab4ea25
2 changed files with 13 additions and 9 deletions


@ -222,9 +222,13 @@
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
NixOS global firewall allow options (<literal>networking.firewall.allow*</literal>) Network interface indiscriminate NixOS firewall options
are now preserved when setting interface specific rules such as (<literal>networking.firewall.allow*</literal>) are now preserved when also
<literal>networking.firewall.interfaces.en0.allow*</literal>. setting interface specific rules such as <literal>networking.firewall.interfaces.en0.allow*</literal>.
These rules continue to use the pseudo device "default"
(<literal>networking.firewall.interfaces.default.*</literal>), and assigning
to this pseudo device will override the (<literal>networking.firewall.allow*</literal>)
options.
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>


@ -58,8 +58,8 @@ let
${text} ${text}
''; in "${dir}/bin/${name}"; ''; in "${dir}/bin/${name}";
anyInterface = { any = mapAttrs (name: value: cfg."${name}") commonOptions; }; defaultInterface = { default = mapAttrs (name: value: cfg."${name}") commonOptions; };
allInterfaces = anyInterface // cfg.interfaces; allInterfaces = defaultInterface // cfg.interfaces;
startScript = writeShScript "firewall-start" '' startScript = writeShScript "firewall-start" ''
${helpers} ${helpers}
@ -154,7 +154,7 @@ let
${concatStrings (mapAttrsToList (iface: cfg: ${concatStrings (mapAttrsToList (iface: cfg:
concatMapStrings (port: concatMapStrings (port:
'' ''
ip46tables -A nixos-fw -p tcp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "any") "-i ${iface}"} ip46tables -A nixos-fw -p tcp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"}
'' ''
) cfg.allowedTCPPorts ) cfg.allowedTCPPorts
) allInterfaces)} ) allInterfaces)}
@ -164,7 +164,7 @@ let
concatMapStrings (rangeAttr: concatMapStrings (rangeAttr:
let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in
'' ''
ip46tables -A nixos-fw -p tcp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "any") "-i ${iface}"} ip46tables -A nixos-fw -p tcp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"}
'' ''
) cfg.allowedTCPPortRanges ) cfg.allowedTCPPortRanges
) allInterfaces)} ) allInterfaces)}
@ -173,7 +173,7 @@ let
${concatStrings (mapAttrsToList (iface: cfg: ${concatStrings (mapAttrsToList (iface: cfg:
concatMapStrings (port: concatMapStrings (port:
'' ''
ip46tables -A nixos-fw -p udp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "any") "-i ${iface}"} ip46tables -A nixos-fw -p udp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"}
'' ''
) cfg.allowedUDPPorts ) cfg.allowedUDPPorts
) allInterfaces)} ) allInterfaces)}
@ -183,7 +183,7 @@ let
concatMapStrings (rangeAttr: concatMapStrings (rangeAttr:
let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in
'' ''
ip46tables -A nixos-fw -p udp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "any") "-i ${iface}"} ip46tables -A nixos-fw -p udp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"}
'' ''
) cfg.allowedUDPPortRanges ) cfg.allowedUDPPortRanges
) allInterfaces)} ) allInterfaces)}
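Review bot: The pseudo interface key `"default"` in `defaultInterface` shares a namespace with the user-defined `cfg.interfaces`, and because `//` is right-biased in `allInterfaces = defaultInterface // cfg.interfaces;`, a user-set `interfaces.default` replaces the whole set built from the global allow* options instead of merging with it. Rules under that key are emitted without `-i`, so ports listed there are accepted on every interface, while ports that other modules added through `networking.firewall.allowedTCPPorts` would presumably drop out of the ruleset; neither effect is visible at the definition. I would add a comment above `defaultInterface`, e.g. `# "default" is a pseudo interface: its rules get no -i match, and cfg.interfaces.default replaces (not merges with) the global allow* options`, and bind the name once (`defaultName = "default";`) rather than repeating the literal in the four `iface != "default"` tests. The enclosing `let` block starts and ends outside these hunks, so whether an assertion or warning on `cfg.interfaces ? default` already exists cannot be seen from here.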