-rw-r--r-- | nixos/modules/services/networking/firewall.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/ipset/default.nix | 22 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 2 |
3 files changed, 26 insertions, 2 deletions
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix
index b129727087aa..a9fe284a6152 100644
--- a/nixos/modules/services/networking/firewall.nix
+++ b/nixos/modules/services/networking/firewall.nix
@@ -443,7 +443,7 @@ in
 
     networking.firewall.trustedInterfaces = [ "lo" ];
 
-    environment.systemPackages = [ pkgs.iptables ];
+    environment.systemPackages = [ pkgs.iptables pkgs.ipset ];
 
     boot.kernelModules = map (x: "nf_conntrack_${x}") cfg.connectionTrackingModules;
     boot.extraModprobeConfig = optionalString (!cfg.autoLoadConntrackHelpers) ''
@@ -462,7 +462,7 @@ in
       before = [ "network-pre.target" ];
       after = [ "systemd-modules-load.service" ];
 
-      path = [ pkgs.iptables ];
+      path = [ pkgs.iptables pkg.ipset ];
 
       # FIXME: this module may also try to load kernel modules, but
       # containers don't have CAP_SYS_MODULE. So the host system had
diff --git a/pkgs/os-specific/linux/ipset/default.nix b/pkgs/os-specific/linux/ipset/default.nix
new file mode 100644
index 000000000000..60bb5a381eff
--- /dev/null
+++ b/pkgs/os-specific/linux/ipset/default.nix
@@ -0,0 +1,22 @@
+{ stdenv, fetchurl, pkgconfig, libmnl }:
+
+stdenv.mkDerivation rec {
+  name = "ipset-6.24";
+
+  src = fetchurl {
+    url = "http://ipset.netfilter.org/${name}.tar.bz2";
+    sha256 = "1l4mx78473azf7cb19fxf37gmj95k1zzabimbcmlg9h07wlgqw9h";
+  };
+
+  buildInputs = [ pkgconfig libmnl ];
+
+  configureFlags = [ "--with-kmod=no" ];
+
+  meta = with stdenv.lib; {
+    homepage = http://ipset.netfilter.org/;
+    description = "administration tool for IP sets";
+    license = licenses.gpl2;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ wkennington ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 0a1c73594d31..8cf19f48a60f 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
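Review bot: The new `path` entry in the second firewall.nix hunk reads `pkg.ipset`, while the first hunk spells the same package `pkgs.ipset`; nothing in the visible context binds a name `pkg`, so this presumably fails module evaluation with an undefined-variable error rather than merely leaving ipset off the firewall service's PATH. Change it to `path = [ pkgs.iptables pkgs.ipset ];`. The enclosing `systemd.services` attribute set starts and ends outside the hunk.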
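Review bot: `description = "administration tool for IP sets";` in the new ipset/default.nix does not follow the nixpkgs meta convention of a capitalised first word; use `description = "Administration tool for IP sets";`. The tarball is fetched over plain HTTP, which is acceptable only because the fixed-output `sha256` pins the content, so that hash is the sole integrity check on the download and should be compared against the checksum upstream publishes rather than taken from whatever the first fetch returned. `--with-kmod=no` is consistent with the module being expected to come from the running kernel rather than this package.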
@@ -8177,6 +8177,8 @@ let
 
   iptables = callPackage ../os-specific/linux/iptables { };
 
+  ipset = callPackage ../os-specific/linux/ipset { };
+
   iw = callPackage ../os-specific/linux/iw { };
 
   iwlwifi = callPackage ../os-specific/linux/firmware/iwlwifi { }; |
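Review bot: The new `ipset = callPackage ../os-specific/linux/ipset { };` is inserted after `iptables`, but the surrounding entries appear to be kept in alphabetical order and `ipset` sorts before `iptables` (`s` < `t`); moving the two added lines above the `iptables =` line keeps the list sorted. The enclosing `let` block starts and ends outside the hunk.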