From ce2cda1c41de71f27f6566c049496dfa3f9d4c3f Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Date: Fri, 11 Jul 2025 16:12:44 +0200
Subject: [PATCH] Prevent accidental use of nftables
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed-by: Aleix Boné <abonerib@bsc.es>
---
 m/common/base/net.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/m/common/base/net.nix b/m/common/base/net.nix
index 9fb15990..3a64c786 100644
--- a/m/common/base/net.nix
+++ b/m/common/base/net.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 
 {
   networking = {
@@ -10,6 +10,9 @@
       allowedTCPPorts = [ 22 ];
     };
 
+    # Make sure we use iptables
+    nftables.enable = lib.mkForce false;
+
     hosts = {
       "84.88.53.236" = [ "apex" "ssfhead.bsc.es" "ssfhead" ];
       "84.88.51.152" = [ "raccoon" ];