gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use iptables' ‘-w’ flag

Browse Source 
This prevents errors like "Another app is currently holding the
xtables lock" if the firewall and NAT services are starting in
parallel.  (Longer term, we should probably move to a single service
for managing the iptables rules.)
This commit is contained in:
Eelco Dolstra
2014-04-11 16:29:45 +02:00
parent b9281e6a2d
commit 017408e048
2 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
nixos/modules/services/networking/firewall.nix
View File

@@ -32,9 +32,9 @@ let
''
# Helper command to manipulate both the IPv4 and IPv6 tables.
ip46tables() {
iptables "$@"
iptables -w "$@"
${optionalString config.networking.enableIPv6 ''
ip6tables "$@"
ip6tables -w "$@"
''}
}
'';
@@ -386,7 +386,7 @@ in
# Optionally respond to ICMPv4 pings.
${optionalString cfg.allowPing ''
iptables -A nixos-fw -p icmp --icmp-type echo-request ${optionalString (cfg.pingLimit != null)
iptables -w -A nixos-fw -p icmp --icmp-type echo-request ${optionalString (cfg.pingLimit != null)
"-m limit ${cfg.pingLimit} "
}-j nixos-fw-accept
''}