nat: always flush nixos nat rules on firewall start/reload

Fixes #27510
2017-08-03 17:41:07 +00:00 · 2017-08-03 17:41:07 +00:00 · 53d2f0980d
commit 53d2f0980d
parent d604336b5b
1 changed files with 32 additions and 29 deletions
--- a/nixos/modules/services/networking/nat.nix
+++ b/nixos/modules/services/networking/nat.nix
@ -151,7 +151,9 @@ in
  ###### implementation
-  config = mkIf config.networking.nat.enable {
+  config = mkMerge [
    { networking.firewall.extraCommands = mkBefore flushNat; }
    (mkIf config.networking.nat.enable {
      environment.systemPackages = [ pkgs.iptables ];
@ -164,7 +166,7 @@ in
      };
      networking.firewall = mkIf config.networking.firewall.enable {
-      extraCommands = mkMerge [ (mkBefore flushNat) setupNat ];
+        extraCommands = setupNat;
        extraStopCommands = flushNat;
      };
@ -184,5 +186,6 @@ in
        postStop = flushNat;
      }; };
-  };
+    })
  ];
 }