colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

networking/nftables: only delete our tables if flushRuleset is set to false

Browse Source
This commit is contained in:
Maciej Krüger 2022-12-28 02:52:26 +01:00
parent d5a0826686
commit 5f300ad70c
No known key found for this signature in database
GPG Key ID: 0D948CE19CF49C5F
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nixos/modules/services/networking/nftables.nix
View File

@ -248,7 +248,11 @@ in
RemainAfterExit = true;
ExecStart = rulesScript;
ExecReload = rulesScript;
ExecStop = "${pkgs.nftables}/bin/nft flush ruleset";
ExecStop = "${pkgs.nftables}/bin/nft ${
if cfg.flushRuleset then "flush ruleset"
else escapeShellArg (concatStringsSep "; " (
mapAttrsToList (_: table: "delete table ${table.family} ${table.name}") enabledTables
))}";
};
};
};