Document the fact that the firewall allows pings by default in rl-1603.xml.

(cherry picked from commit 9a2ee42f52)
2016-03-18 12:00:39 +01:00 · 2016-03-18 12:00:39 +01:00 · cc8278e186
parent 2e7727f647
commit cc8278e186
1 changed files with 12 additions and 0 deletions
--- a/nixos/doc/manual/release-notes/rl-1603.xml
+++ b/nixos/doc/manual/release-notes/rl-1603.xml
@ -262,6 +262,18 @@ services.syncthing = {
    </programlisting>
  </listitem>

+  <listitem>
+    <para>
+      <literal>networking.firewall.allowPing</literal> is now enabled by
+      default. Users are encourarged to configure an approiate rate limit for
+      their machines using the Kernel interface at
+      <filename>/proc/sys/net/ipv4/icmp_ratelimit</filename> and
+      <filename>/proc/sys/net/ipv6/icmp/ratelimit</filename> or using the
+      firewall itself, i.e. by setting the NixOS option
+      <literal>networking.firewall.pingLimit</literal>.
+    </para>
+  </listitem>
+
 </itemizedlist>