public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nftables: enable all features

Browse Source
This commit is contained in:
Izorkin 2019-10-14 16:41:39 +03:00
parent 2a254635ec
commit c1fd98f626
1 changed files with 19 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
pkgs/os-specific/linux/kernel/common-config.nix
View File

@ -99,8 +99,6 @@ let
networking = { networking = {
NET = yes; NET = yes;
IP_PNP = no; IP_PNP = no;
NETFILTER = yes;
NETFILTER_ADVANCED = yes;
IP_VS_PROTO_TCP = yes; IP_VS_PROTO_TCP = yes;
IP_VS_PROTO_UDP = yes; IP_VS_PROTO_UDP = yes;
IP_VS_PROTO_ESP = yes; IP_VS_PROTO_ESP = yes;
@ -145,12 +143,25 @@ let
KEY_DH_OPERATIONS = whenAtLeast "4.7" yes; KEY_DH_OPERATIONS = whenAtLeast "4.7" yes;
# needed for nftables # needed for nftables
NF_TABLES_INET = whenAtLeast "4.17" yes; # Networking Options
NF_TABLES_NETDEV = whenAtLeast "4.17" yes; NETFILTER = yes;
NF_TABLES_IPV4 = whenAtLeast "4.17" yes; NETFILTER_ADVANCED = yes;
NF_TABLES_ARP = whenAtLeast "4.17" yes; # Core Netfilter Configuration
NF_TABLES_IPV6 = whenAtLeast "4.17" yes; NF_CONNTRACK_ZONES = yes;
NF_TABLES_BRIDGE = whenBetween "4.17" "5.3" yes; NF_CONNTRACK_EVENTS = yes;
NF_CONNTRACK_TIMEOUT = yes;
NF_CONNTRACK_TIMESTAMP = yes;
NETFILTER_NETLINK_GLUE_CT = yes;
NF_TABLES_INET = whenAtLeast "4.19" yes;
NF_TABLES_NETDEV = whenAtLeast "4.19" yes;
# IP: Netfilter Configuration
NF_TABLES_IPV4 = yes;
NF_TABLES_ARP = whenAtLeast "4.19" yes;
# IPv6: Netfilter Configuration
NF_TABLES_IPV6 = yes;
# Bridge Netfilter Configuration
NF_TABLES_BRIDGE = mkMerge [ (whenBetween "4.19" "5.3" yes)
(whenAtLeast "5.3" module) ];
# needed for ss # needed for ss
INET_DIAG = yes; INET_DIAG = yes;