nftables: adds information regarding nftables and Docker (#24326)

pyrox.dev / nixpkgs

fork atom

lol

fork atom

authored by

Richard Zetterberg and committed by

Robin Gloster 9 years ago dc10688e f087b759

+11

1 changed file

expand all

unified split

nixos

modules

services

networking

nftables.nix

+11

nixos/modules/services/networking/nftables.nix

··· 17 18 This conflicts with the standard networking firewall, so make sure to 19 disable it before using nftables. 20 ''; 21 }; 22 networking.nftables.ruleset = mkOption {

··· 17 18 This conflicts with the standard networking firewall, so make sure to 19 disable it before using nftables. 20 + 21 + Note that if you have Docker enabled you will not be able to use 22 + nftables without intervention. Docker uses iptables internally to 23 + setup NAT for containers. This module disables the ip_tables kernel 24 + module, however Docker automatically loads the module. Please see [1] 25 + for more information. 26 + 27 + There are other programs that use iptables internally too, such as 28 + libvirt. 29 + 30 + [1]: https://github.com/NixOS/nixpkgs/issues/24318#issuecomment-289216273 31 ''; 32 }; 33 networking.nftables.ruleset = mkOption {