public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

firewall service: run stop commands in reload

Browse Source 
Do cleanup of user-created additional rules.

Of course it'd be much better to just use iptables-{save,restore} for
declarative management, but as it's still not there...
This commit is contained in:
Nikolay Amiantov 2018-04-17 12:40:05 +03:00
parent e0c9a25588
commit b81aa02800
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nixos/modules/services/networking/firewall.nix
View File

@ -242,6 +242,9 @@ let
# Don't allow traffic to leak out until the script has completed # Don't allow traffic to leak out until the script has completed
ip46tables -A INPUT -j nixos-drop ip46tables -A INPUT -j nixos-drop
${cfg.extraStopCommands}
if ${startScript}; then if ${startScript}; then
ip46tables -D INPUT -j nixos-drop 2>/dev/null || true ip46tables -D INPUT -j nixos-drop 2>/dev/null || true
else else