flush rules on firewall teardown

2025-03-09 23:15:44 -04:00 · 2025-03-09 23:15:44 -04:00 · c9e55d49f1
commit c9e55d49f1
parent c1d318ba67
1 changed files with 8 additions and 0 deletions
--- a/postfix.nix
+++ b/postfix.nix
@ -9,6 +9,14 @@
    iptables -I OUTPUT -m tcp -p tcp --dport 25 -d 127.0.0.1 -j ACCEPT
    ip6tables -I OUTPUT -m tcp -p tcp --dport 25 -d ::1 -j ACCEPT
  '';
+  # The following is necessary to prevent the above rules from being added at every nixos-rebuild switch.
+  # See link for more info
+  # https://github.com/NixOS/nixpkgs/issues/201614
+  # Flush the firewall rules
+  networking.firewall.extraStopCommands = ''
+    iptables -F
+    ip6tables -F
+  '';

  services.postfix = {
    enable = true;