services.reaction.stopForFirewall
Whether to stop reaction when reloading the firewall.
The presence of a jump to the reaction chain in the INPUT chain may cause the firewall reload to fail. Alternatively, one can cherry-pick the right iptables commands to execute before and after the firewall:
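```nix
{
  systemd.services.firewall.serviceConfig = {
    # Delete the jump to the reaction chain from INPUT before the firewall stops.
    # Note: systemd defines ExecStartPre, ExecStartPost, ExecStop and ExecStopPost;
    # ExecStopPre is not among them, so check that this key actually takes effect.
    ExecStopPre = [ "${pkgs.iptables}/bin/iptables -w -D INPUT -p all -j reaction" ];
    # Re-insert the jump at the head of INPUT once the firewall has started.
    ExecStartPost = [ "${pkgs.iptables}/bin/iptables -w -I INPUT -p all -j reaction" ];
  };
}
```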
- Type: boolean
- Default: false
- Declared: <nixpkgs/nixos/modules/services/security/reaction.nix>
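A check that can be run after a firewall reload to confirm the jump to the reaction chain is back at the head of INPUT, where the `-I INPUT` command above places it. This is an added example, not part of the nixpkgs module; the function names and the sample rule listings (including the `nixos-fw` line) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from nixpkgs). On a live host, feed it the real listing:
#   iptables -w -S INPUT | check_reaction_jump

# Reads `iptables -S INPUT` output on stdin and prints the 1-based position
# of the first rule that jumps to the reaction chain. Exits 1 if none exists.
reaction_jump_position() {
    awk '
        /^-A INPUT( |$)/ {
            n++
            if (!found && $0 ~ /(^| )-j reaction( |$)/) found = n
        }
        END {
            if (!found) exit 1
            print found
        }
    '
}

# Return codes: 0 = jump is the first INPUT rule,
#               1 = jump is missing (reaction bans are not applied to INPUT),
#               2 = jump exists but is not at the head of INPUT.
check_reaction_jump() {
    pos=$(reaction_jump_position) || {
        echo "MISSING: no '-j reaction' rule in INPUT"
        return 1
    }
    if [ "$pos" -ne 1 ]; then
        echo "MISPLACED: '-j reaction' is rule $pos in INPUT, expected 1"
        return 2
    fi
    echo "OK: '-j reaction' is the first INPUT rule"
}

# Constructed sample listings in the format printed by `iptables -S INPUT`.
SAMPLE_OK='-P INPUT ACCEPT
-A INPUT -j reaction
-A INPUT -j nixos-fw'
SAMPLE_MISSING='-P INPUT ACCEPT
-A INPUT -j nixos-fw'
SAMPLE_LATE='-P INPUT ACCEPT
-A INPUT -j nixos-fw
-A INPUT -j reaction'

for sample in "$SAMPLE_OK" "$SAMPLE_MISSING" "$SAMPLE_LATE"; do
    printf '%s\n' "$sample" | check_reaction_jump || true
done
```
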