* Add a firewall option to allow pings. (Maybe this should
be enabled by default.) svn path=/nixos/trunk/; revision=26233
parent
e4051e105c
commit
12161f3183
|
@ -62,6 +62,15 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
networking.firewall.allowPing = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description =
|
||||
''
|
||||
Whether to respond to incoming ICMP echo requests ("pings").
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
|
@ -130,6 +139,12 @@ in
|
|||
# stuff like neighbor/router solicitation won't work.
|
||||
ip6tables -A INPUT -s fe80::/10 -p icmpv6 -j ACCEPT
|
||||
|
||||
# Optionally respond to pings.
|
||||
${optionalString cfg.allowPing ''
|
||||
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
|
||||
ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT
|
||||
''}
|
||||
|
||||
# Reject/drop everything else.
|
||||
ip46tables -A INPUT -j FW_REFUSE
|
||||
'';
|
||||
|
|
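Review bot: The two echo-request ACCEPT rules added in the second hunk carry no rate limit, so with `allowPing = true` the host answers every incoming ping regardless of volume. Consider bounding them with the limit match, for example `iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT` and the same on the `ip6tables` line, so that excess requests fall through to the final `FW_REFUSE` rule; the rate shown is a suggested value, not one taken from this commit. Separately, the option description in the first hunk overstates what `false` does, because the existing `ip6tables -A INPUT -s fe80::/10 -p icmpv6 -j ACCEPT` rule just above still accepts ICMPv6 echo requests from link-local sources. The description should add a sentence such as `Link-local IPv6 pings are accepted regardless of this setting.` The rule script these lines sit in starts outside the hunk, so any earlier rule that already matches ICMP is not visible here.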