ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-09-21 20:49:52 +03:00
Code Issues Projects Releases Wiki Activity

nixos/firewall: fix inverted assertion for reverse path filtering

Browse Source 
Previously the assertion passed if the kernel had support OR the
filter was *enabled*. In the case of a kernel without support, the
`checkReversePath` option defaulted to false, and then failed the
assertion.
This commit is contained in:
Andrew Childs 2019-11-17 13:48:53 +09:00 committed by Alyssa Ross
parent 7ed8a2c7f5
commit 2c121f4215
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/services/networking/firewall.nix
View File

@ -546,7 +546,7 @@ in
options nf_conntrack nf_conntrack_helper=1
'';
assertions = [ { assertion = (cfg.checkReversePath != false) || kernelHasRPFilter;
assertions = [ { assertion = cfg.checkReversePath -> kernelHasRPFilter;
message = "This kernel does not support rpfilter"; }
];