Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/shadowsocks-libev: enable firewall ports #58649

Closed
wants to merge 1 commit into from
Closed

nixos/shadowsocks-libev: enable firewall ports #58649

wants to merge 1 commit into from

Conversation

marsam
Copy link
Contributor

@marsam marsam commented Apr 1, 2019

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@marsam marsam requested a review from infinisil as a code owner April 1, 2019 05:15
gazally
gazally approved these changes Jun 27, 2019
View reviewed changes
Copy link
Contributor

@gazally gazally left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not use shadowsocks, but I tried out this PR on my system and used iptables -S to verify that it opens the desired firewall ports. I also read the checklist in the "Updating Modules" section of the Nixpkgs manual and did not see anything there that needs to be done for this PR, so I think it should be merged.

@nixos-discourse
Copy link

This pull request has been mentioned on Nix community. There might be relevant details there:

https://discourse.nixos.org/t/prs-already-reviewed/2617/26

@timokau
Copy link
Member

timokau commented Jun 27, 2019

Might be that I'm missing something here, but this opens those ports by default right? The manual says:

enabling a module should not open firewall ports by default

@marsam
Copy link
Contributor Author

marsam commented Jun 27, 2019

Might be that I'm missing something here, but this opens those ports by default right? The manual says:

enabling a module should not open firewall ports by default

Thanks, somehow I missed that. Closing.

@marsam marsam closed this Jun 27, 2019
@marsam marsam deleted the shadowsocks-libev-firewall branch June 27, 2019 15:42
@timokau
Copy link
Member

timokau commented Jun 27, 2019

Just as a general policy, poking holes in someones firewal should always be very explicit :) Maybe someone just wants to use a service on localhost or something and doesn't want to deal with the security implications of having it exposed to the wider net.

@worldofpeace
Copy link
Contributor

worldofpeace commented Jun 27, 2019
edited

Why not just add an option within the module to do this then (default false)?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gazally gazally gazally approved these changes

@infinisil infinisil Awaiting requested review from infinisil

Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@marsam @nixos-discourse @timokau @worldofpeace @gazally @GrahamcOfBorg