| options/nixos/networking.firewall.enable | Whether to enable the firewall
|
| options/nixos/networking.firewall.extraCommands | Additional shell commands executed as part of the firewall initialisation script
|
| options/nixos/networking.firewall.pingLimit | If pings are allowed, this allows setting rate limits on them
|
| options/nixos/networking.firewall.extraReversePathFilterRules | Additional nftables rules to be appended to the rpfilter-allow chain
|
| options/nixos/networking.firewall.backend | Underlying implementation for the firewall service.
|
| options/nixos/networking.firewall.package | The package to use for running the firewall service.
|
| options/nixos/networking.firewall.logReversePathDrops | Logs dropped packets failing the reverse path filter test if the option networking.firewall.checkReversePath is enabled.
|
| options/nixos/networking.firewall.checkReversePath | Performs a reverse path filter test on a packet
|
| options/nixos/networking.firewall.extraInputRules | Additional nftables rules to be appended to the input-allow chain
|
| options/nixos/networking.firewall.extraStopCommands | Additional shell commands executed as part of the firewall shutdown script
|
| options/nixos/networking.firewall.filterForward | Enable filtering in IP forwarding
|
| options/nixos/networking.firewall.extraForwardRules | Additional nftables rules to be appended to the forward-allow chain
|
| options/nixos/networking.firewall.allowPing | Whether to respond to incoming ICMPv4 echo requests ("pings")
|
| options/nixos/networking.firewall.allowedUDPPorts | List of open UDP ports.
|
| options/nixos/networking.firewall.allowedTCPPorts | List of TCP ports on which incoming connections are accepted.
|
| options/nixos/networking.firewall.extraPackages | Additional packages to be included in the environment of the system as well as the path of networking.firewall.extraCommands.
|
| options/nixos/networking.firewall.allowedUDPPortRanges | Range of open UDP ports.
|
| options/nixos/networking.firewall.allowedTCPPortRanges | A range of TCP ports on which incoming connections are accepted.
|
| options/nixos/networking.firewall.interfaces | Interface-specific open ports.
|
| options/nixos/networking.firewall.rejectPackets | If set, refused packets are rejected rather than dropped (ignored)
|
| options/nixos/networking.firewall.logRefusedPackets | Whether to log all rejected or dropped incoming packets
|
| options/nixos/networking.firewall.logRefusedUnicastsOnly | If networking.firewall.logRefusedPackets and this option are enabled, then only log packets specifically directed at this machine, i.e., not broadcasts or multicasts.
|
| options/nixos/networking.firewall.autoLoadConntrackHelpers | Whether to auto-load connection-tracking helpers
|
| options/nixos/networking.firewall.trustedInterfaces | Traffic coming in from these interfaces will be accepted unconditionally
|
| options/nixos/networking.firewall.logRefusedConnections | Whether to log rejected or dropped incoming connections
|
| options/nixos/networking.firewall.connectionTrackingModules | List of connection-tracking helpers that are auto-loaded
|