alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

Merge pull request #82767 from thefloweringash/rpfilter-assertion-types

Browse source 
nixos/firewall: fix types in reverse path assertion
This commit is contained in:
Niklas Hambüchen 2020-03-18 04:11:01 +01:00 committed by GitHub
parent 4366606c1e e110f5ecc1
commit 9d45737ae7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
nixos/modules/services/networking/firewall.nix
View file

@ -546,9 +546,13 @@ in
options nf_conntrack nf_conntrack_helper=1
'';
assertions = [ { assertion = cfg.checkReversePath -> kernelHasRPFilter;
message = "This kernel does not support rpfilter"; }
];
assertions = [
# This is approximately "checkReversePath -> kernelHasRPFilter",
# but the checkReversePath option can include non-boolean
# values.
{ assertion = cfg.checkReversePath == false || kernelHasRPFilter;
message = "This kernel does not support rpfilter"; }
];
systemd.services.firewall = {
description = "Firewall";