Remove extra flush commands on firewall stop

They are not needed as they are already flushed when the firewall starts or stops.
Prevent accidental use of nftables
2025-07-11 16:13:35 +02:00 · 2025-07-11 16:12:44 +02:00
2 changed files with 4 additions and 6 deletions
--- a/m/apex/nfs.nix
+++ b/m/apex/nfs.nix
@@ -28,10 +28,5 @@
      iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 4002  -j nixos-fw-accept
      iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 20048 -j nixos-fw-accept
    '';
-    # Flush all rules and chains on stop so it won't break on start
-    extraStopCommands = ''
-      iptables -F
-      iptables -X
-    '';
  };
 }
--- a/m/common/base/net.nix
+++ b/m/common/base/net.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:

 {
  networking = {
@@ -10,6 +10,9 @@
      allowedTCPPorts = [ 22 ];
    };

+    # Make sure we use iptables
+    nftables.enable = lib.mkForce false;
+
    hosts = {
      "84.88.53.236" = [ "apex" "ssfhead.bsc.es" "ssfhead" ];
      "84.88.51.152" = [ "raccoon" ];
Author	SHA1	Message	Date
Rodrigo Arias Mallo	4e9be9a8d3	Remove extra flush commands on firewall stop They are not needed as they are already flushed when the firewall starts or stops.	2025-07-11 16:13:35 +02:00
Rodrigo Arias Mallo	afe2c4d7b1	Prevent accidental use of nftables	2025-07-11 16:12:44 +02:00