Author: eelco
Date: Wed Mar  9 15:28:47 2011
New Revision: 26233
URL: https://svn.nixos.org/websvn/nix/?rev=26233&sc=1

Log:
* Add a firewall option to allow pings.  (Maybe this should 
  be enabled by default.)

Modified:
   nixos/trunk/modules/services/networking/firewall.nix

Modified: nixos/trunk/modules/services/networking/firewall.nix
==============================================================================
--- nixos/trunk/modules/services/networking/firewall.nix        Wed Mar  9 
15:11:01 2011        (r26232)
+++ nixos/trunk/modules/services/networking/firewall.nix        Wed Mar  9 
15:28:47 2011        (r26233)
@@ -62,6 +62,15 @@
         '';
     };
   
+    networking.firewall.allowPing = mkOption {
+      default = false;
+      type = types.bool;
+      description =
+        ''
+          Whether to respond to incoming ICMP echo requests ("pings").
+        '';
+    };
+  
   };
 
 
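Review bot: The description on `networking.firewall.allowPing` omits two things an administrator needs to judge the setting. It does not say that the option governs both IPv4 ICMP and ICMPv6 echo requests. It also does not say that ICMPv6 from `fe80::/10` appears to be accepted by a separate rule in the same file, so link-local IPv6 pings would still be answered when the option is false. I would reword it along the lines of `Whether to respond to incoming ICMP and ICMPv6 echo requests ("pings"). ICMPv6 from link-local addresses is accepted regardless of this setting.` Keeping `default = false` is the conservative choice, since answering pings makes the host visible to address sweeps; the enclosing options set starts outside this hunk.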
@@ -130,6 +139,12 @@
             # stuff like neighbor/router solicitation won't work.
             ip6tables -A INPUT -s fe80::/10 -p icmpv6 -j ACCEPT
 
+            # Optionally respond to pings.
+            ${optionalString cfg.allowPing ''
+              iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+              ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT
+            ''}
+
             # Reject/drop everything else.
             ip46tables -A INPUT -j FW_REFUSE
           '';
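Review bot: Both new ACCEPT rules admit echo requests at any rate, so a host with `allowPing` enabled will answer an echo flood packet for packet. A limit match keeps ping usable for diagnostics while the excess falls through to `FW_REFUSE`, for example `iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT`, with the same match on the `ip6tables` line. The rate shown is an illustrative value and would be better exposed as its own option. The surrounding rules script starts outside this hunk.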