author | Andrew Childs <lorne@cons.org.nz> | 2019-11-17 13:48:53 +0900 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2020-03-14 04:32:07 +0000 |
commit | 2c121f421551355d3ea61e4b83ea269df83f2027 (patch) | |
tree | edb7057ece48191ba72050183cb7d6d8f7869a29 /nixos/modules/services | |
parent | 7ed8a2c7f55d725f3eb590464f6659cea55e28ed (diff) | |
nixos/firewall: fix inverted assertion for reverse path filtering
Previously the assertion passed if the kernel had support OR the filter was *enabled*. In the case of a kernel without support, the `checkReversePath` option defaulted to false, and then failed the assertion.
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/networking/firewall.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index 15aaf7410674..b0045ff795e3 100644 --- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -546,7 +546,7 @@ in options nf_conntrack nf_conntrack_helper=1 ''; - assertions = [ { assertion = (cfg.checkReversePath != false) || kernelHasRPFilter; + assertions = [ { assertion = cfg.checkReversePath -> kernelHasRPFilter; message = "This kernel does not support rpfilter"; } ]; |
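Review bot: the new assertion line uses `cfg.checkReversePath` directly as the left operand of `->`, which is only safe if the option is always a boolean. The removed line compared it with `!= false` rather than using it as a boolean, which suggests the option can hold non-boolean values; Nix's `->` requires booleans on both sides, so any such value would abort evaluation instead of producing the "This kernel does not support rpfilter" message. Consider keeping the explicit comparison, for example `assertion = cfg.checkReversePath != false -> kernelHasRPFilter;` or the equivalent `cfg.checkReversePath == false || kernelHasRPFilter`, and adding a short comment above the assertion stating the intended rule (the filter being enabled requires kernel support), since the inverted logic was easy to miss the first time.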