forked from mirrors/nixpkgs
nftables: adds information regarding nftables and Docker (#24326)
parent
f087b75941
commit
dc10688edb
|
@ -17,6 +17,17 @@ in
|
|||
|
||||
This conflicts with the standard networking firewall, so make sure to
|
||||
disable it before using nftables.
|
||||
|
||||
Note that if you have Docker enabled you will not be able to use
|
||||
nftables without intervention. Docker uses iptables internally to
|
||||
setup NAT for containers. This module disables the ip_tables kernel
|
||||
module, however Docker automatically loads the module. Please see [1]
|
||||
for more information.
|
||||
|
||||
There are other programs that use iptables internally too, such as
|
||||
libvirt.
|
||||
|
||||
[1]: https://github.com/NixOS/nixpkgs/issues/24318#issuecomment-289216273
|
||||
'';
|
||||
};
|
||||
networking.nftables.ruleset = mkOption {
|
||||
|
|
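Review bot: The added Docker paragraph says nftables cannot be used "without intervention" but never says what that intervention is, so the reader has to follow [1] to an issue comment to find out. Summarise the workaround in one sentence in the description itself and keep the link as a reference, since the option documentation should stand on its own. In the same paragraph, "setup NAT" should read "set up NAT" (verb form). Because the conflict is known, consider also emitting a warning when Docker is enabled together with this module, so the problem surfaces at evaluation time rather than only in the description.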