nixos/sshguard: use nftables backend if enabled #70078

Merged
merged 1 commit into from Jan 27, 2020


abrenk
Contributor

@abrenk abrenk commented Sep 30, 2019

Motivation for this change

I use nftables instead of the default iptables firewall and would like to use sshguard. But the iptables/ipset backend is used unconditionally.

Things done

Adapted the module to use the nftables backend if config.networking.nftables.enable is true.

  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Notify maintainers

cc @peterhoeg @wahjava @danderson

The current module assumes use of iptables and breaks if nftables is
used instead.

This change configures the correct backend based on the
config.networking.nftables.enable setting.
@peterhoeg
Member

This is great! I will not have time to try it out these next few days but if somebody else does, that would be great.

@wahjava
Contributor

wahjava commented Oct 6, 2019

@abrenk --- I just tried your changes, and it works as expected with my nftables setup.

Thanks!

@c0bw3b c0bw3b added this to the 20.03 milestone Nov 29, 2019
@Profpatsch
Member

One small comment, otherwise I’d say we can merge. Sorry this was never merged.

@Profpatsch Profpatsch merged commit 36da345 into NixOS:master Jan 27, 2020
@abrenk abrenk deleted the sshguard-nftables branch February 9, 2020 20:17
6 participants