From f73a9d82dc93766080611c9e5f11828bfb3c8bb2 Mon Sep 17 00:00:00 2001
From: Daniel Barlow
Date: Sun, 16 Jul 2023 17:04:19 +0100
Subject: [PATCH] add comments
---
modules/firewall/default.nix | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/modules/firewall/default.nix b/modules/firewall/default.nix
index 41b3bddea..af84a5d32 100644
--- a/modules/firewall/default.nix
+++ b/modules/firewall/default.nix
@@ -44,11 +44,14 @@ in let svc = (pkgs.callPackage ./service.nix {}) params; in svc // { dependencies = svc.dependencies ++ [loadModules]; }; + # For historical reasons the kernel config is split between + # monolithic options and modules. TODO: go through this list + # and see what can be moved into the "kconf" definiton above kernel.config = { NETFILTER_XT_MATCH_CONNTRACK = "y"; - IP6_NF_IPTABLES= "y"; # do we still need these - IP_NF_IPTABLES= "y"; # if using nftables directly + IP6_NF_IPTABLES= "y"; + IP_NF_IPTABLES= "y"; IP_NF_NAT = "y"; IP_NF_TARGET_MASQUERADE = "y";
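Review bot: The open question on `IP6_NF_IPTABLES` and `IP_NF_IPTABLES` is deleted rather than answered. The removed trailing comments asked whether these options are still needed when nftables is used directly, but the new block comment only covers moving options into the "kconf" definition, not whether they should be built at all. Since unneeded netfilter code compiled into the kernel is avoidable attack surface on a router image, I would keep the question as part of the TODO, for example `# TODO: confirm IP_NF_IPTABLES / IP6_NF_IPTABLES are still required when using nftables directly`. The added comment also misspells "definition" as `definiton`. The `kernel.config` attribute set continues past the end of the hunk and the "kconf" definition is not visible here, so any other options that raise the same question cannot be checked from this view.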