author | Richard Zetterberg <rzetterberg@users.noreply.github.com> | 2017-03-25 16:34:02 +0100 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2017-03-25 16:34:02 +0100 |
commit | dc10688edbfabe516a708e6dc2341fb5cfc2d3ad (patch) | |
tree | d2dbd7c9c8b00bf7b88753721a910ff1223acc19 /nixos/modules/services | |
parent | f087b7594150998652f6b7945b0ca86bceba9e79 (diff) | |
nftables: adds information regarding nftables and Docker (#24326)
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/networking/nftables.nix | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/nftables.nix b/nixos/modules/services/networking/nftables.nix index 029c3df89932..56b942054140 100644 --- a/nixos/modules/services/networking/nftables.nix +++ b/nixos/modules/services/networking/nftables.nix @@ -17,6 +17,17 @@ in This conflicts with the standard networking firewall, so make sure to disable it before using nftables. + + Note that if you have Docker enabled you will not be able to use + nftables without intervention. Docker uses iptables internally to + setup NAT for containers. This module disables the ip_tables kernel + module, however Docker automatically loads the module. Please see [1] + for more information. + + There are other programs that use iptables internally too, such as + libvirt. + + [1]: https://github.com/NixOS/nixpkgs/issues/24318#issuecomment-289216273 ''; }; networking.nftables.ruleset = mkOption { |
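Review bot: The added paragraph in the option description says Docker users cannot use nftables "without intervention" but never says what that intervention is, so the reader has to follow the [1] issue-comment link to find out. Consider summarising the workaround in the description itself and keeping the link only as a reference, so the help text stays useful if the link goes away. The same applies to the libvirt sentence, which names another affected program but gives no guidance. Because the text states that this module disables ip_tables while Docker loads it again automatically, a description note alone will not stop someone from enabling both; an assertion or warning in the module when Docker is also enabled would surface the conflict at evaluation time instead of leaving it to be noticed on a running host. Minor wording: "setup NAT" should be "set up NAT".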