From ac8db6fd339fa50d5ad189e305c8e1647cbc934b Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Fri, 19 Oct 2012 15:21:06 -0400
Subject: [PATCH] firewall.nix: Don't fail if IPv6 is disabled

---
 modules/services/networking/firewall.nix | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/modules/services/networking/firewall.nix b/modules/services/networking/firewall.nix
index 7601fd1be43..d0119c56fce 100644
--- a/modules/services/networking/firewall.nix
+++ b/modules/services/networking/firewall.nix
@@ -268,9 +268,11 @@ in
             # Accept all ICMPv6 messages except redirects and node
             # information queries (type 139).  See RFC 4890, section
             # 4.4.
-            ip6tables -A nixos-fw -p icmpv6 --icmpv6-type redirect -j DROP
-            ip6tables -A nixos-fw -p icmpv6 --icmpv6-type 139 -j DROP
-            ip6tables -A nixos-fw -p icmpv6 -j nixos-fw-accept
+            ${optionalString config.networking.enableIPv6 ''
+              ip6tables -A nixos-fw -p icmpv6 --icmpv6-type redirect -j DROP
+              ip6tables -A nixos-fw -p icmpv6 --icmpv6-type 139 -j DROP
+              ip6tables -A nixos-fw -p icmpv6 -j nixos-fw-accept
+            ''}
 
             ${cfg.extraCommands}