Skip to content

Comments

nixos/firewalld: init#398587

Merged
mkg20001 merged 10 commits intoNixOS:masterfrom
Prince213:nixos/firewalld
Nov 20, 2025
Merged

nixos/firewalld: init#398587
mkg20001 merged 10 commits intoNixOS:masterfrom
Prince213:nixos/firewalld

Conversation

@Prince213
Copy link
Member

@Prince213 Prince213 commented Apr 14, 2025
edited
Loading

This PR introduces NixOS modules for FirewallD.
There are 3 main parts:

  • services.firewalld, which allows for declarative configuration of firewalld; and
  • networking.firewall.firewalld, which will create a default zone name nixos with many existing configurations from networking.firewall.
  • (networkmanager: enable firewalld support #463498) NetworkManager now installs firewalld zone nm-shared.

What's not done:

  • Configuration for files other than zones and services
  • /etc/firewall/applet.conf
  • networking.firewall.backend as a enum, current approach is complicated
  • NetworkManager integration

    nixpkgs/pkgs/tools/networking/networkmanager/default.nix

    Lines 121 to 122 in 2631b0b

    # We don't use firewalld in NixOS
    "-Dfirewalld_zone=false"

Related to https://git.sr.ht/~prince213/firewalld-nix.
Related to #389437.
Closes #165882.
Supersedes #205380.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Apr 14, 2025
@Prince213 Prince213 added 0.kind: enhancement Add something new or improve an existing system. 2.status: work-in-progress 8.has: module (new) This PR adds a module in `nixos/` 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. 9.needs: changelog This PR needs a changelog entry 9.needs: community feedback This needs feedback from more community members. 9.needs: tests This PR needs tests and removed 8.has: module (update) This PR changes an existing module in `nixos/` labels Apr 14, 2025
@github-actions github-actions bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Apr 14, 2025
@github-actions github-actions bot added the 8.has: module (update) This PR changes an existing module in `nixos/` label Apr 15, 2025
@Prince213 Prince213 force-pushed the nixos/firewalld branch 2 times, most recently from a337ad7 to da27d92 Compare April 15, 2025 05:44
@Prince213
Copy link
Member Author

Prince213 commented Apr 15, 2025

@ofborg test firewall-firewalld

@github-actions github-actions bot added 8.has: changelog This PR adds or changes release notes 8.has: documentation This PR adds or changes documentation labels Apr 15, 2025
@Prince213 Prince213 added 8.has: clean-up This PR removes packages or removes other cruft 8.has: tests This PR has tests and removed 9.needs: changelog This PR needs a changelog entry 9.needs: tests This PR needs tests labels Apr 15, 2025
@github-actions github-actions bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. and removed 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. labels Apr 15, 2025
@Prince213
Copy link
Member Author

Prince213 commented Apr 15, 2025

@ofborg test firewall-firewalld

@Prince213
Copy link
Member Author

Prince213 commented Apr 15, 2025

@ofborg test firewalld

@Prince213 Prince213 marked this pull request as ready for review April 15, 2025 09:35
@Prince213 Prince213 requested a review from Aleksanaa April 15, 2025 09:36
@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. and removed 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-nixos-tests This PR causes rebuilds for all NixOS tests and should normally target the staging branches. labels Sep 23, 2025
@limwa
Copy link
Contributor

limwa commented Sep 23, 2025
edited
Loading

nixpkgs-review result for #398587

Generated using nixpkgs-review-gha

Command: nixpkgs-review pr 398587
Commit: 0a86ceb7a6101ddfef153ef7bb4565f4a0e31937 (subsequent changes)
Merge: 6e1554d6dbaacac5b7ea6e31b997b91f53410da0

Logs: https://github.com/limwa/nixpkgs-review-gha/actions/runs/17951030559

x86_64-linux

⏩ 2 packages blacklisted:
  • nixos-install-tools
  • tests.nixos-functions.nixos-test

aarch64-linux

⏩ 2 packages blacklisted:
  • nixos-install-tools
  • tests.nixos-functions.nixos-test

x86_64-darwin

No rebuilds

aarch64-darwin

No rebuilds

@nixpkgs-ci nixpkgs-ci bot added the 2.status: merge conflict This PR has merge conflicts with the target branch label Sep 26, 2025
@Prince213 Prince213 removed the 2.status: merge conflict This PR has merge conflicts with the target branch label Oct 4, 2025
@infinisil infinisil mentioned this pull request Nov 5, 2025
Merged
@nixpkgs-ci nixpkgs-ci bot added the 2.status: merge conflict This PR has merge conflicts with the target branch label Nov 6, 2025
@nixpkgs-ci nixpkgs-ci bot added 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. and removed 2.status: merge conflict This PR has merge conflicts with the target branch labels Nov 20, 2025
@Prince213 Prince213 mentioned this pull request Nov 20, 2025
Merged
@limwa
Copy link
Contributor

limwa commented Nov 20, 2025

I've been testing this since and I've not had problems with losing DNS resolution, so it got fixed (probably by tailscale)!

As far as I'm concerned, this PR is ready to be merged. Thank you!

@mkg20001 mkg20001 added this pull request to the merge queue Nov 20, 2025
Merged via the queue into NixOS:master with commit db0532f Nov 20, 2025
27 of 30 checks passed
@Aleksanaa
Copy link
Member

Aleksanaa commented Nov 20, 2025

sticker.webm

@Prince213 Prince213 mentioned this pull request Nov 20, 2025
Merged
13 tasks
@Prince213 Prince213 deleted the nixos/firewalld branch November 25, 2025 03:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@drupol drupol drupol left review comments

@MattSturgeon MattSturgeon MattSturgeon left review comments

@SuperSandro2000 SuperSandro2000 SuperSandro2000 left review comments

@domenkozar domenkozar Awaiting requested review from domenkozar

@jtojnar jtojnar Awaiting requested review from jtojnar

@obadz obadz Awaiting requested review from obadz

@fpletz fpletz Awaiting requested review from fpletz

@K900 K900 Awaiting requested review from K900

@mkg20001 mkg20001 Awaiting requested review from mkg20001

@duament duament Awaiting requested review from duament

@r-vdp r-vdp Awaiting requested review from r-vdp

@Aleksanaa Aleksanaa Awaiting requested review from Aleksanaa

+2 more reviewers

@limwa limwa limwa left review comments

@Guelakais Guelakais Guelakais approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

0.kind: enhancement Add something new or improve an existing system. 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: changelog This PR adds or changes release notes 8.has: clean-up This PR removes packages or removes other cruft 8.has: documentation This PR adds or changes documentation 8.has: module (new) This PR adds a module in `nixos/` 8.has: module (update) This PR changes an existing module in `nixos/` 8.has: tests This PR has tests 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. 12.approvals: 1 This PR was reviewed and approved by one person.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

firewalld