DGNum/liminix
14
0
Fork 2
Code Issues 15 Pull requests 7 Projects Releases Packages Wiki Activity Actions

add comments

Browse source
This commit is contained in:
Daniel Barlow 2023-07-16 17:04:19 +01:00
parent 1117f98afc
commit f73a9d82dc
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
modules/firewall/default.nix
View file

@ -44,11 +44,14 @@ in
let svc = (pkgs.callPackage ./service.nix {}) params; let svc = (pkgs.callPackage ./service.nix {}) params;
in svc // { dependencies = svc.dependencies ++ [loadModules]; }; in svc // { dependencies = svc.dependencies ++ [loadModules]; };
# For historical reasons the kernel config is split between
# monolithic options and modules. TODO: go through this list
# and see what can be moved into the "kconf" definiton above
kernel.config = { kernel.config = {
NETFILTER_XT_MATCH_CONNTRACK = "y"; NETFILTER_XT_MATCH_CONNTRACK = "y";
IP6_NF_IPTABLES= "y"; # do we still need these IP6_NF_IPTABLES= "y";
IP_NF_IPTABLES= "y"; # if using nftables directly IP_NF_IPTABLES= "y";
IP_NF_NAT = "y"; IP_NF_NAT = "y";
IP_NF_TARGET_MASQUERADE = "y"; IP_NF_TARGET_MASQUERADE = "y";