diff options
| author | Andrew Childs <lorne@cons.org.nz> | 2020-03-17 10:32:37 +0900 |
|---|---|---|
| committer | Andrew Childs <lorne@cons.org.nz> | 2020-03-18 10:54:55 +0900 |
| commit | e110f5ecc1038ca2769013a6e6ba77321f387dc7 (patch) | |
| tree | 338ffd42c674dd678f6b87ad313ea1dfec781311 /nixos/modules/services/networking | |
| parent | d5dda83d915888cca1fba02bc078fc50f5b11309 (diff) | |
| download | nixlib-e110f5ecc1038ca2769013a6e6ba77321f387dc7.tar nixlib-e110f5ecc1038ca2769013a6e6ba77321f387dc7.tar.gz nixlib-e110f5ecc1038ca2769013a6e6ba77321f387dc7.tar.bz2 nixlib-e110f5ecc1038ca2769013a6e6ba77321f387dc7.tar.lz nixlib-e110f5ecc1038ca2769013a6e6ba77321f387dc7.tar.xz nixlib-e110f5ecc1038ca2769013a6e6ba77321f387dc7.tar.zst nixlib-e110f5ecc1038ca2769013a6e6ba77321f387dc7.zip | |
nixos/firewall: fix types in reverse path assertion
Broken by 0f973e273c284a97a8dffeab7d9c0b09a88b7139 in #73533 The type of the checkReversePath option allows "strict" and "loose" as well as boolean values.
Diffstat (limited to 'nixos/modules/services/networking')
| -rw-r--r-- | nixos/modules/services/networking/firewall.nix | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index b0045ff795e3..cdc3a172ea70 100644 --- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -546,9 +546,13 @@ in options nf_conntrack nf_conntrack_helper=1 ''; - assertions = [ { assertion = cfg.checkReversePath -> kernelHasRPFilter; - message = "This kernel does not support rpfilter"; } - ]; + assertions = [ + # This is approximately "checkReversePath -> kernelHasRPFilter", + # but the checkReversePath option can include non-boolean + # values. + { assertion = cfg.checkReversePath == false || kernelHasRPFilter; + message = "This kernel does not support rpfilter"; } + ]; systemd.services.firewall = { description = "Firewall"; |