jolheiser/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
68,783 Commits 266 Branches 122 Tags 5.3 GiB
095bf185ec
Commit Graph

21 Commits

Author SHA1 Message Date
William A. Kennington III
abc7c1b013 nixos/firewall: Add the ability to specify additional packages for extraCommands 2015-07-26 16:33:03 -07:00
Eelco Dolstra
f64589b2ef firewall: Don't depend on ipset 
NixOS doesn't use it, so no reason to include it.
 2015-07-26 22:45:39 +02:00
Eelco Dolstra
6e6a96d42c Some more type cleanup 2015-06-15 18:18:46 +02:00
Joachim Fasting
7023e03d77 firewall service: fix pingLimit example value 
The example uses single dashes, whereas iptables requires double dashes.
 2015-01-20 08:47:11 +01:00
Vladimír Čunát
61d9f06760 fix a typo from 2627198b0c 2014-12-28 10:44:50 +01:00
William A. Kennington III
2627198b0c nixos/firewall: Add ipset utility 2014-12-28 00:04:49 -08:00
William A. Kennington III
8a94c06595 nixos: Add network-pre.target and adjust firewall start ordering 2014-12-01 17:19:44 -08:00
Boris Sukholitko
53b24d0c95 firewall: clear rpfilter on stop 2014-11-14 09:07:18 +02:00
William A. Kennington III
ec9c4143a7 nixos/firewall: Cleanup in case reload fails 2014-09-16 15:51:57 -07:00
William A. Kennington III
6a43d51291 nixos/firewall: Support extraStopCommands 2014-09-15 21:31:26 -07:00
William A. Kennington III
fd7b9b4291 nixos/firewall: Don't allow traffic during reload 2014-09-15 20:40:16 -07:00
Eelco Dolstra
0a256cc0ee Firewall: Only start if we have CAP_NET_ADMIN 2014-04-19 23:02:59 +02:00
Eelco Dolstra
8dcf76480c firewall: Order after systemd-modules-load.service 
This ensures that connection tracking modules are loaded on time.
 2014-04-17 18:10:20 +02:00
Eelco Dolstra
29027fd1e1 Rewrite ‘with pkgs.lib’ -> ‘with lib’ 
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
 2014-04-14 16:26:48 +02:00
Eelco Dolstra
017408e048 Use iptables' ‘-w’ flag 
This prevents errors like "Another app is currently holding the
xtables lock" if the firewall and NAT services are starting in
parallel.  (Longer term, we should probably move to a single service
for managing the iptables rules.)
 2014-04-11 17:16:44 +02:00
Eelco Dolstra
694cc6172a Enable the firewall by default 
Fixes #2135.
 2014-04-08 09:44:01 +02:00
Shea Levy
a0d574f19b firewall: Allow setting rate limits for pings 2014-03-14 14:55:30 -04:00
Austin Seipp
fc9022bea1 firewall: add support for TCP/UDP port ranges 
This is useful for packages like mosh, which use a wide UDP port range
by default for incoming connections.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-02-22 18:19:22 +01:00
Eelco Dolstra
c1159edc65 Remove remaining references to Upstart 2013-10-31 13:26:06 +01:00
Eelco Dolstra
408b8b5725 Add lots of missing option types 2013-10-30 18:47:43 +01:00
Eelco Dolstra
5c1f8cbc70 Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00