Commit graph

17 commits

Author SHA1 Message Date
Eelco Dolstra 005ca15f64 * Firewall: add an option to allow extra firewall rules to be added.
* Firewall: change the policy of the INPUT chain back to ACCEPT to
  prevent a lockup when the Nix store is mounted over the network
  (i.e. in our VM tests).  This is because as soon as the policy is
  set to DROP, the iptables modules that enable access to the network
  filesystem cannot be acccessed anymore.

svn path=/nixos/trunk/; revision=26274
2011-03-11 13:04:17 +00:00
Eelco Dolstra ab0ce6734b * firewall.nix: Only flush/delete the chains created by us.
svn path=/nixos/trunk/; revision=26271
2011-03-11 11:53:18 +00:00
Eelco Dolstra f672aa71bf * RFC 4890 says that local nodes should not filter pretty much any
ICMPv6 messages (including echo requests), so don't do that.

svn path=/nixos/trunk/; revision=26270
2011-03-11 11:08:16 +00:00
Eelco Dolstra 0ea9f6611a * Add some more rules to allow ICMPv6 router/neighbour advertisements
in.  Maybe we're better off accepting all ICMPv6 messages *except*
  echo requests.

svn path=/nixos/trunk/; revision=26260
2011-03-10 16:25:08 +00:00
Eelco Dolstra d6424efbfb * Cleanup.
svn path=/nixos/trunk/; revision=26244
2011-03-10 09:39:17 +00:00
Eelco Dolstra e884cbed7d * Add an option for opening UDP ports.
* Accept packets destined for link-local addresses (fe80::/10).

svn path=/nixos/trunk/; revision=26236
2011-03-09 16:37:16 +00:00
Eelco Dolstra 12161f3183 * Add a firewall option to allow pings. (Maybe this should
be enabled by default.)

svn path=/nixos/trunk/; revision=26233
2011-03-09 15:28:47 +00:00
Eelco Dolstra e4051e105c * Use a separate chain for logging and rejecting.
svn path=/nixos/trunk/; revision=26232
2011-03-09 15:11:01 +00:00
Eelco Dolstra 66716f9dd5 * Firewall: support IPv6.
svn path=/nixos/trunk/; revision=26231
2011-03-09 14:41:48 +00:00
Eelco Dolstra 843e1f6c1e * Cleanup.
svn path=/nixos/trunk/; revision=26228
2011-03-09 12:28:44 +00:00
Eelco Dolstra 83a9bf9a6a * Change all the startOn / stopOn attributes to the Upstart 0.6 syntax
(e.g., startOn = "started foo" instead of startOn = "foo").

svn path=/nixos/branches/upstart-0.6/; revision=18230
2009-11-06 22:19:17 +00:00
Eelco Dolstra eba8f94069 * jobAttrs -> jobs.
svn path=/nixos/trunk/; revision=17769
2009-10-12 18:09:34 +00:00
Eelco Dolstra d982f23f20 * Convert the remaining jobs to jobAttrs style.
svn path=/nixos/trunk/; revision=17764
2009-10-12 17:27:57 +00:00
Eelco Dolstra a5ad5a035e * Firewall: by default, only log rejected TCP connections. Otherwise
you get a lot of garbage in the log.  Also, an option to reject
  instead of drop packets.

svn path=/nixos/trunk/; revision=17505
2009-09-29 14:21:56 +00:00
Eelco Dolstra 2331a5140d * Added a module for the bluetooth daemon.
* Refactored some other modules (dbus, hal).

svn path=/nixos/trunk/; revision=16652
2009-08-10 18:25:09 +00:00
Eelco Dolstra f0f5434eaa * Add an option to enable the firewall. It should eventually be
enabled by default.

svn path=/nixos/branches/modular-nixos/; revision=16464
2009-07-26 21:27:35 +00:00
Eelco Dolstra 264b49fce7 * A very basic firewall that rejects all incoming connections except
for the ports defined in networking.firewall.allowedTCPPorts.

svn path=/nixos/branches/modular-nixos/; revision=16460
2009-07-24 23:12:52 +00:00