author | Nikolay Amiantov <ab@fmap.me> | 2018-04-17 12:40:05 +0300 |
---|---|---|
committer | Nikolay Amiantov <ab@fmap.me> | 2018-04-17 12:41:36 +0300 |
commit | b81aa02800795724fe0a01e7544c49b04a40994a (patch) | |
tree | a01e647052ea87f9b4b9e5afa7d10991cc052e83 /nixos/modules/services/networking | |
parent | e0c9a255882e7a9da4604aeb561f28c72046fece (diff) | |
firewall service: run stop commands in reload
Do cleanup of user-created additional rules. Of course it'd be much better to just use iptables-{save,restore} for declarative management, but as it's still not there...
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/firewall.nix | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix
index 20c0b0acf165..c4bd0e7f9eef 100644
--- a/nixos/modules/services/networking/firewall.nix
+++ b/nixos/modules/services/networking/firewall.nix
@@ -242,6 +242,9 @@ let
 # Don't allow traffic to leak out until the script has completed
 ip46tables -A INPUT -j nixos-drop
+
+ ${cfg.extraStopCommands}
+
 if ${startScript}; then
 ip46tables -D INPUT -j nixos-drop 2>/dev/null || true
 else |
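Review bot: The added `${cfg.extraStopCommands}` runs after the temporary `nixos-drop` rule is appended to INPUT but before the `if ${startScript}` check, so a failure in a user-supplied stop command is not handled by the `else` branch. If the reload script runs under errexit (its shebang is not visible in this hunk), one failing cleanup command, for example deleting a rule that is already gone, would abort the reload with the drop rule still in place and block all inbound traffic until someone intervenes. The option's description should state that these commands now also run on every reload and must be idempotent, and a comment above the interpolation such as `# user cleanup; commands must tolerate already-removed rules (use "2>/dev/null || true")` would make that requirement visible here. The enclosing reload script starts and ends outside the hunk.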