nixos/firewall: fix types in reverse path assertion

Broken by 0f973e273c284a97a8dffeab7d9c0b09a88b7139 in #73533

The type of the checkReversePath option allows "strict" and "loose" as
well as boolean values.

nixos/modules/services/networking/firewall.nix

@@ -546,9 +546,13 @@ in
       options nf_conntrack nf_conntrack_helper=1
     '';
 
-    assertions = [ { assertion = cfg.checkReversePath -> kernelHasRPFilter;
+    assertions = [
-                     message = "This kernel does not support rpfilter"; }
+      # This is approximately "checkReversePath -> kernelHasRPFilter",
-                 ];
+      # but the checkReversePath option can include non-boolean
+      # values.
+      { assertion = cfg.checkReversePath == false || kernelHasRPFilter;
+        message = "This kernel does not support rpfilter"; }
+    ];
 
     systemd.services.firewall = {
       description = "Firewall";