Rename back to default and better release notes

2018-11-22 19:24:23 -05:00 · 2018-11-22 19:24:23 -05:00 · 308ab4ea25
commit 308ab4ea25
parent b48c6d051b
2 changed files with 13 additions and 9 deletions
--- a/nixos/doc/manual/release-notes/rl-1903.xml
+++ b/nixos/doc/manual/release-notes/rl-1903.xml
@ -222,9 +222,13 @@
   </listitem>
   <listitem>
    <para>
-     NixOS global firewall allow options (<literal>networking.firewall.allow*</literal>)
-     are now preserved when setting interface specific rules such as
-     <literal>networking.firewall.interfaces.en0.allow*</literal>.
+     Network interface indiscriminate NixOS firewall options
+     (<literal>networking.firewall.allow*</literal>) are now preserved when also
+     setting interface specific rules such as <literal>networking.firewall.interfaces.en0.allow*</literal>.
+     These rules continue to use the pseudo device "default"
+     (<literal>networking.firewall.interfaces.default.*</literal>), and assigning
+     to this pseudo device will override the (<literal>networking.firewall.allow*</literal>)
+     options.
    </para>
   </listitem>
  </itemizedlist>
--- a/nixos/modules/services/networking/firewall.nix
+++ b/nixos/modules/services/networking/firewall.nix
@ -58,8 +58,8 @@ let
    ${text}
  ''; in "${dir}/bin/${name}";

-  anyInterface = { any = mapAttrs (name: value: cfg."${name}") commonOptions; };
-  allInterfaces = anyInterface // cfg.interfaces;
+  defaultInterface = { default = mapAttrs (name: value: cfg."${name}") commonOptions; };
+  allInterfaces = defaultInterface // cfg.interfaces;

  startScript = writeShScript "firewall-start" ''
    ${helpers}
@ -154,7 +154,7 @@ let
    ${concatStrings (mapAttrsToList (iface: cfg:
      concatMapStrings (port:
        ''
-          ip46tables -A nixos-fw -p tcp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "any") "-i ${iface}"}
+          ip46tables -A nixos-fw -p tcp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"}
        ''
      ) cfg.allowedTCPPorts
    ) allInterfaces)}
@ -164,7 +164,7 @@ let
      concatMapStrings (rangeAttr:
        let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in
        ''
-          ip46tables -A nixos-fw -p tcp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "any") "-i ${iface}"}
+          ip46tables -A nixos-fw -p tcp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"}
        ''
      ) cfg.allowedTCPPortRanges
    ) allInterfaces)}
@ -173,7 +173,7 @@ let
    ${concatStrings (mapAttrsToList (iface: cfg:
      concatMapStrings (port:
        ''
-          ip46tables -A nixos-fw -p udp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "any") "-i ${iface}"}
+          ip46tables -A nixos-fw -p udp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"}
        ''
      ) cfg.allowedUDPPorts
    ) allInterfaces)}
@ -183,7 +183,7 @@ let
      concatMapStrings (rangeAttr:
        let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in
        ''
-          ip46tables -A nixos-fw -p udp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "any") "-i ${iface}"}
+          ip46tables -A nixos-fw -p udp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"}
        ''
      ) cfg.allowedUDPPortRanges
    ) allInterfaces)}