authorWilliam A. Kennington III <william@wkennington.com>2014-12-28 00:04:49 -0800
committerWilliam A. Kennington III <william@wkennington.com>2014-12-28 00:04:49 -0800
commit2627198b0c047519afa105ba1e335799075128c7 (patch)
tree011b3085cf0bb9c6a6b45284b11e968a8499aee0 /nixos
parentc17fda769a22656148115bd009a2ed9e907a5b6b (diff)
nixos/firewall: Add ipset utility
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/networking/firewall.nix4
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix
index b129727087aa..a9fe284a6152 100644
--- a/nixos/modules/services/networking/firewall.nix
+++ b/nixos/modules/services/networking/firewall.nix
@@ -443,7 +443,7 @@ in
 
     networking.firewall.trustedInterfaces = [ "lo" ];
 
-    environment.systemPackages = [ pkgs.iptables ];
+    environment.systemPackages = [ pkgs.iptables pkgs.ipset ];
 
     boot.kernelModules = map (x: "nf_conntrack_${x}") cfg.connectionTrackingModules;
     boot.extraModprobeConfig = optionalString (!cfg.autoLoadConntrackHelpers) ''
@@ -462,7 +462,7 @@ in
       before = [ "network-pre.target" ];
       after = [ "systemd-modules-load.service" ];
 
-      path = [ pkgs.iptables ];
+      path = [ pkgs.iptables pkg.ipset ];
 
       # FIXME: this module may also try to load kernel modules, but
       # containers don't have CAP_SYS_MODULE. So the host system had
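Review bot: The added `path` line references `pkg.ipset`, but the entry beside it and the `environment.systemPackages` change in the first hunk both use `pkgs`, so this looks like a typo. Unless `pkg` is bound somewhere outside the visible hunks, evaluating the firewall unit will fail with an undefined variable, and a host with the firewall enabled would not build its configuration. The line should read `path = [ pkgs.iptables pkgs.ipset ];`. The enclosing service definition starts and ends outside the hunk, so a test evaluation of the module with the firewall enabled is worth running before merge.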