diff options
| author | Niklas Hambüchen <mail@nh2.me> | 2020-03-18 04:11:01 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-03-18 04:11:01 +0100 |
| commit | 9d45737ae77af0792a80105a480bd378099e6934 (patch) | |
| tree | 0bc86efc057253949188a6e1215d5a9f13eb57d0 /nixos/modules | |
| parent | 4366606c1ef384b356be8defe5ef95b46e9236bf (diff) | |
| parent | e110f5ecc1038ca2769013a6e6ba77321f387dc7 (diff) | |
| download | nixlib-9d45737ae77af0792a80105a480bd378099e6934.tar nixlib-9d45737ae77af0792a80105a480bd378099e6934.tar.gz nixlib-9d45737ae77af0792a80105a480bd378099e6934.tar.bz2 nixlib-9d45737ae77af0792a80105a480bd378099e6934.tar.lz nixlib-9d45737ae77af0792a80105a480bd378099e6934.tar.xz nixlib-9d45737ae77af0792a80105a480bd378099e6934.tar.zst nixlib-9d45737ae77af0792a80105a480bd378099e6934.zip | |
Merge pull request #82767 from thefloweringash/rpfilter-assertion-types
nixos/firewall: fix types in reverse path assertion
Diffstat (limited to 'nixos/modules')
| -rw-r--r-- | nixos/modules/services/networking/firewall.nix | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index b0045ff795e3..cdc3a172ea70 100644 --- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -546,9 +546,13 @@ in options nf_conntrack nf_conntrack_helper=1 ''; - assertions = [ { assertion = cfg.checkReversePath -> kernelHasRPFilter; - message = "This kernel does not support rpfilter"; } - ]; + assertions = [ + # This is approximately "checkReversePath -> kernelHasRPFilter", + # but the checkReversePath option can include non-boolean + # values. + { assertion = cfg.checkReversePath == false || kernelHasRPFilter; + message = "This kernel does not support rpfilter"; } + ]; systemd.services.firewall = { description = "Firewall"; |