nixos/avahi: revert closing firewall port by default

Sandro Jäckel 2022-12-10 03:40:39 +01:00
parent 23493afbe6
commit 89b5dddf99
No known key found for this signature in database
GPG key ID: 3AF5A43A3EECC2E5
3 changed files with 3 additions and 14 deletions

@ -87,16 +87,6 @@
<literal>true</literal>, or configure your firewall.
</para>
</listitem>
<listitem>
<para>
The
<link linkend="opt-services.avahi.openFirewall">services.avahi.openFirewall</link>
module option default value has been changed from
<literal>true</literal> to <literal>false</literal>. You will
need to explicitely set this option to
<literal>true</literal>, or configure your firewall.
</para>
</listitem>
<listitem>
<para>
The
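
Review bot: dropping the `services.avahi.openFirewall` list item outright leaves no record that the default was briefly `false`, so anyone who picked up the earlier change and relied on the closed port gets UDP 5353 reopened on the next rebuild with no notice. The commit message is only the title; please add a body explaining why the closed default is being reverted, and consider whether a short release note is still warranted.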

@ -31,8 +31,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- The [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall.
- The [services.avahi.openFirewall](#opt-services.avahi.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall.
- The [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall.
- The [services.unifi-video.openFirewall](#opt-services.unifi-video.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall.
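
Review bot: the hunk header (`-31,8 +31,6`) says two lines are removed from this list, but the commit title only covers avahi. Please confirm that the second removed line is not another service's `openFirewall` entry (snapserver, tmate-ssh-server and unifi-video sit directly around the avahi line), since dropping one of those would hide a default change that is still in effect.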

@ -103,16 +103,17 @@ in
openFirewall = mkOption {
type = types.bool;
default = false;
default = true;
description = lib.mdDoc ''
Whether to open the firewall for UDP port 5353.
Disabling this setting also disables discovering of network devices.
'';
};
allowPointToPoint = mkOption {
type = types.bool;
default = false;
description= lib.mdDoc ''
description = lib.mdDoc ''
Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large
latencies with such links and opens a potential security hole by allowing mDNS access from Internet
connections.
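
Review bot: with `default = true;` on `openFirewall`, enabling avahi opens UDP port 5353 in the firewall without the user asking for it, and the option description does not mention that this is the default behaviour. Suggest saying so in the description, so users on untrusted networks know to set the option to `false`. Separately, the `description= lib.mdDoc ''` to `description = lib.mdDoc ''` spacing fix on `allowPointToPoint` is unrelated to the revert and would be easier to track as its own commit.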