From 308ab4ea25f7d6368ba5b7713fa4ef82cdf8e95e Mon Sep 17 00:00:00 2001
From: Ben Blaxill <ben.blaxill@gmail.com>
Date: Thu, 22 Nov 2018 19:24:23 -0500
Subject: [PATCH] Rename back to default and better release notes

---
 nixos/doc/manual/release-notes/rl-1903.xml     | 10 +++++++---
 nixos/modules/services/networking/firewall.nix | 12 ++++++------
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml
index 82f040d668fe..45f77d7f415a 100644
--- a/nixos/doc/manual/release-notes/rl-1903.xml
+++ b/nixos/doc/manual/release-notes/rl-1903.xml
@@ -222,9 +222,13 @@
    </listitem>
    <listitem>
     <para>
-     NixOS global firewall allow options (<literal>networking.firewall.allow*</literal>)
-     are now preserved when setting interface specific rules such as
-     <literal>networking.firewall.interfaces.en0.allow*</literal>.
+     Network interface indiscriminate NixOS firewall options
+     (<literal>networking.firewall.allow*</literal>) are now preserved when also
+     setting interface specific rules such as <literal>networking.firewall.interfaces.en0.allow*</literal>.
+     These rules continue to use the pseudo device "default"
+     (<literal>networking.firewall.interfaces.default.*</literal>), and assigning
+     to this pseudo device will override the (<literal>networking.firewall.allow*</literal>)
+     options.
     </para>
    </listitem>
   </itemizedlist>
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix
index 9d5d9cfc87bd..aba64e4f60ff 100644
--- a/nixos/modules/services/networking/firewall.nix
+++ b/nixos/modules/services/networking/firewall.nix
@@ -58,8 +58,8 @@ let
     ${text}
   ''; in "${dir}/bin/${name}";
 
-  anyInterface = { any = mapAttrs (name: value: cfg."${name}") commonOptions; };
-  allInterfaces = anyInterface // cfg.interfaces;
+  defaultInterface = { default = mapAttrs (name: value: cfg."${name}") commonOptions; };
+  allInterfaces = defaultInterface // cfg.interfaces;
 
   startScript = writeShScript "firewall-start" ''
     ${helpers}
@@ -154,7 +154,7 @@ let
     ${concatStrings (mapAttrsToList (iface: cfg:
       concatMapStrings (port:
         ''
-          ip46tables -A nixos-fw -p tcp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "any") "-i ${iface}"}
+          ip46tables -A nixos-fw -p tcp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"}
         ''
       ) cfg.allowedTCPPorts
     ) allInterfaces)}
@@ -164,7 +164,7 @@ let
       concatMapStrings (rangeAttr:
         let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in
         ''
-          ip46tables -A nixos-fw -p tcp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "any") "-i ${iface}"}
+          ip46tables -A nixos-fw -p tcp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"}
         ''
       ) cfg.allowedTCPPortRanges
     ) allInterfaces)}
@@ -173,7 +173,7 @@ let
     ${concatStrings (mapAttrsToList (iface: cfg:
       concatMapStrings (port:
         ''
-          ip46tables -A nixos-fw -p udp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "any") "-i ${iface}"}
+          ip46tables -A nixos-fw -p udp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"}
         ''
       ) cfg.allowedUDPPorts
     ) allInterfaces)}
@@ -183,7 +183,7 @@ let
       concatMapStrings (rangeAttr:
         let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in
         ''
-          ip46tables -A nixos-fw -p udp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "any") "-i ${iface}"}
+          ip46tables -A nixos-fw -p udp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"}
         ''
       ) cfg.allowedUDPPortRanges
     ) allInterfaces)}