From c9e55d49f1e94c26180e7b8d69f4110f668293b1 Mon Sep 17 00:00:00 2001
From: jaina heartles
Date: Sun, 9 Mar 2025 23:15:44 -0400
Subject: [PATCH] flush rules on firewall teardown

---
 postfix.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/postfix.nix b/postfix.nix
index 7521826..b014f06 100644
--- a/postfix.nix
+++ b/postfix.nix
@@ -9,6 +9,14 @@
 iptables -I OUTPUT -m tcp -p tcp --dport 25 -d 127.0.0.1 -j ACCEPT
 ip6tables -I OUTPUT -m tcp -p tcp --dport 25 -d ::1 -j ACCEPT
 '';
+ # The following is necessary to prevent the above rules from being added at every nixos-rebuild switch.
+ # See link for more info
+ # https://github.com/NixOS/nixpkgs/issues/201614
+ # Flush the firewall rules
+ networking.firewall.extraStopCommands = ''
+ iptables -F
+ ip6tables -F
+ '';
 services.postfix = {
 enable = true;
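Review bot: The new `extraStopCommands` runs `iptables -F` and `ip6tables -F` with no chain argument, which flushes every chain in the filter table rather than only the port-25 OUTPUT rules this module inserts. Any rules that other services or modules on the host keep in that table would presumably be dropped on each firewall stop or reload, so the teardown is much wider than the duplication problem it is meant to solve. Removing exactly what was added keeps the scope tight, for example `iptables -D OUTPUT -m tcp -p tcp --dport 25 -d 127.0.0.1 -j ACCEPT 2>/dev/null || true` with the matching `ip6tables -D ... -d ::1 ...` line. The `extraCommands` string starts outside this hunk, so any earlier rules in it need the same `-D` counterpart; alternatively, move them into a dedicated chain and flush only that chain. The comment `# Flush the firewall rules` should also state which rules are affected.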