Diffstat (limited to 'nixpkgs/nixos/modules/services/networking/firewall.nix')
-rw-r--r--nixpkgs/nixos/modules/services/networking/firewall.nix42
1 files changed, 21 insertions, 21 deletions
diff --git a/nixpkgs/nixos/modules/services/networking/firewall.nix b/nixpkgs/nixos/modules/services/networking/firewall.nix
index ac02a93836b8..a35cc51a3870 100644
--- a/nixpkgs/nixos/modules/services/networking/firewall.nix
+++ b/nixpkgs/nixos/modules/services/networking/firewall.nix
@@ -15,7 +15,7 @@ let
       default = [ ];
       apply = canonicalizePortList;
       example = [ 22 80 ];
-      description = lib.mdDoc ''
+      description = ''
         List of TCP ports on which incoming connections are
         accepted.
       '';
@@ -25,7 +25,7 @@ let
       type = types.listOf (types.attrsOf types.port);
       default = [ ];
       example = [{ from = 8999; to = 9003; }];
-      description = lib.mdDoc ''
+      description = ''
         A range of TCP ports on which incoming connections are
         accepted.
       '';
@@ -36,7 +36,7 @@ let
       default = [ ];
       apply = canonicalizePortList;
       example = [ 53 ];
-      description = lib.mdDoc ''
+      description = ''
         List of open UDP ports.
       '';
     };
@@ -45,7 +45,7 @@ let
       type = types.listOf (types.attrsOf types.port);
       default = [ ];
       example = [{ from = 60000; to = 61000; }];
-      description = lib.mdDoc ''
+      description = ''
         Range of open UDP ports.
       '';
     };
@@ -61,7 +61,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the firewall.  This is a simple stateful
           firewall that blocks connection attempts to unauthorised TCP
           or UDP ports on this machine.
@@ -73,7 +73,7 @@ in
         default = if config.networking.nftables.enable then pkgs.nftables else pkgs.iptables;
         defaultText = literalExpression ''if config.networking.nftables.enable then "pkgs.nftables" else "pkgs.iptables"'';
         example = literalExpression "pkgs.iptables-legacy";
-        description = lib.mdDoc ''
+        description = ''
           The package to use for running the firewall service.
         '';
       };
@@ -81,7 +81,7 @@ in
       logRefusedConnections = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to log rejected or dropped incoming connections.
           Note: The logs are found in the kernel logs, i.e. dmesg
           or journalctl -k.
@@ -91,7 +91,7 @@ in
       logRefusedPackets = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to log all rejected or dropped incoming packets.
           This tends to give a lot of log messages, so it's mostly
           useful for debugging.
@@ -103,7 +103,7 @@ in
       logRefusedUnicastsOnly = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           If {option}`networking.firewall.logRefusedPackets`
           and this option are enabled, then only log packets
           specifically directed at this machine, i.e., not broadcasts
@@ -114,7 +114,7 @@ in
       rejectPackets = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If set, refused packets are rejected rather than dropped
           (ignored).  This means that an ICMP "port unreachable" error
           message is sent back to the client (or a TCP RST packet in
@@ -127,7 +127,7 @@ in
         type = types.listOf types.str;
         default = [ ];
         example = [ "enp0s2" ];
-        description = lib.mdDoc ''
+        description = ''
           Traffic coming in from these interfaces will be accepted
           unconditionally.  Traffic from the loopback (lo) interface
           will always be accepted.
@@ -137,7 +137,7 @@ in
       allowPing = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to respond to incoming ICMPv4 echo requests
           ("pings").  ICMPv6 pings are always allowed because the
           larger address space of IPv6 makes network scanning much
@@ -149,7 +149,7 @@ in
         type = types.nullOr (types.separatedString " ");
         default = null;
         example = "--limit 1/minute --limit-burst 5";
-        description = lib.mdDoc ''
+        description = ''
           If pings are allowed, this allows setting rate limits on them.
 
           For the iptables based firewall, it should be set like
@@ -165,7 +165,7 @@ in
         default = true;
         defaultText = literalMD "`true` except if the iptables based firewall is in use and the kernel lacks rpfilter support";
         example = "loose";
-        description = lib.mdDoc ''
+        description = ''
           Performs a reverse path filter test on a packet.  If a reply
           to the packet would not be sent via the same interface that
           the packet arrived on, it is refused.
@@ -183,7 +183,7 @@ in
       logReversePathDrops = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Logs dropped packets failing the reverse path filter test if
           the option networking.firewall.checkReversePath is enabled.
         '';
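Review bot: The description of logReversePathDrops still names `networking.firewall.checkReversePath` as bare text, while the logRefusedUnicastsOnly hunk already uses the option role for the same kind of cross-reference. Since the commit touches every description here, the reference could be written as ``{option}`networking.firewall.checkReversePath` `` so the rendered manual links to the option that actually controls reverse path filtering. The same applies to the bare `networking.firewall.connectionTrackingModules` in the autoLoadConntrackHelpers hunk and `networking.firewall.extraCommands` in the hunk at old line 234. The enclosing mkOption block closes outside this hunk.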
@@ -192,7 +192,7 @@ in
       filterForward = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable filtering in IP forwarding.
 
           This option only works with the nftables based firewall.
@@ -203,7 +203,7 @@ in
         type = types.listOf types.str;
         default = [ ];
         example = [ "ftp" "irc" "sane" "sip" "tftp" "amanda" "h323" "netbios_sn" "pptp" "snmp" ];
-        description = lib.mdDoc ''
+        description = ''
           List of connection-tracking helpers that are auto-loaded.
           The complete list of possible values is given in the example.
 
@@ -222,7 +222,7 @@ in
       autoLoadConntrackHelpers = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to auto-load connection-tracking helpers.
           See the description at networking.firewall.connectionTrackingModules
 
@@ -234,7 +234,7 @@ in
         type = types.listOf types.package;
         default = [ ];
         example = literalExpression "[ pkgs.ipset ]";
-        description = lib.mdDoc ''
+        description = ''
           Additional packages to be included in the environment of the system
           as well as the path of networking.firewall.extraCommands.
         '';
@@ -243,7 +243,7 @@ in
       interfaces = mkOption {
         default = { };
         type = with types; attrsOf (submodule [{ options = commonOptions; }]);
-        description = lib.mdDoc ''
+        description = ''
           Interface-specific open ports.
         '';
       };
@@ -253,7 +253,7 @@ in
         visible = false;
         default = { default = mapAttrs (name: value: cfg.${name}) commonOptions; } // cfg.interfaces;
         type = with types; attrsOf (submodule [{ options = commonOptions; }]);
-        description = lib.mdDoc ''
+        description = ''
           All open ports.
         '';
       };