dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

nixos/avahi: revert closing firewall port by default

Browse Source
This commit is contained in:
Sandro Jäckel 2022-12-10 03:40:39 +01:00
parent 23493afbe6
commit 89b5dddf99
No known key found for this signature in database
GPG Key ID: 3AF5A43A3EECC2E5
3 changed files with 3 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
View File

@ -87,16 +87,6 @@
<literal>true</literal>, or configure your firewall. <literal>true</literal>, or configure your firewall.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The
<link linkend="opt-services.avahi.openFirewall">services.avahi.openFirewall</link>
module option default value has been changed from
<literal>true</literal> to <literal>false</literal>. You will
need to explicitely set this option to
<literal>true</literal>, or configure your firewall.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
The The

2
nixos/doc/manual/release-notes/rl-2305.section.md
View File

@ -31,8 +31,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- The [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall. - The [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall.
- The [services.avahi.openFirewall](#opt-services.avahi.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall.
- The [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall. - The [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall.
- The [services.unifi-video.openFirewall](#opt-services.unifi-video.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall. - The [services.unifi-video.openFirewall](#opt-services.unifi-video.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall.

5
nixos/modules/services/networking/avahi-daemon.nix
View File

@ -103,16 +103,17 @@ in
openFirewall = mkOption { openFirewall = mkOption {
type = types.bool; type = types.bool;
default = false; default = true;
description = lib.mdDoc '' description = lib.mdDoc ''
Whether to open the firewall for UDP port 5353. Whether to open the firewall for UDP port 5353.
Disabling this setting also disables discovering of network devices.
''; '';
}; };
allowPointToPoint = mkOption { allowPointToPoint = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description= lib.mdDoc '' description = lib.mdDoc ''
Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large
latencies with such links and opens a potential security hole by allowing mDNS access from Internet latencies with such links and opens a potential security hole by allowing mDNS access from Internet
connections. connections.