From e078117c726b9840b053ff3e90b2ce0801b43497 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Fri, 19 Oct 2012 15:21:06 -0400
Subject: [PATCH] firewall.nix: Don't fail if IPv6 is disabled

---
 modules/services/networking/firewall.nix | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/modules/services/networking/firewall.nix b/modules/services/networking/firewall.nix
index 8ddeacf1a0f..9f7db27c738 100644
--- a/modules/services/networking/firewall.nix
+++ b/modules/services/networking/firewall.nix
@@ -340,9 +340,11 @@ in
             # Accept all ICMPv6 messages except redirects and node
             # information queries (type 139).  See RFC 4890, section
             # 4.4.
-            ip6tables -A nixos-fw -p icmpv6 --icmpv6-type redirect -j DROP
-            ip6tables -A nixos-fw -p icmpv6 --icmpv6-type 139 -j DROP
-            ip6tables -A nixos-fw -p icmpv6 -j nixos-fw-accept
+            ${optionalString config.networking.enableIPv6 ''
+              ip6tables -A nixos-fw -p icmpv6 --icmpv6-type redirect -j DROP
+              ip6tables -A nixos-fw -p icmpv6 --icmpv6-type 139 -j DROP
+              ip6tables -A nixos-fw -p icmpv6 -j nixos-fw-accept
+            ''}
 
             ${cfg.extraCommands}