diff options
author | Sandro Jäckel <sandro.jaeckel@gmail.com> | 2022-12-10 03:40:39 +0100 |
---|---|---|
committer | Sandro Jäckel <sandro.jaeckel@gmail.com> | 2022-12-10 03:40:39 +0100 |
commit | 89b5dddf990fd7fe99528a972ff037002e8e3046 (patch) | |
tree | fcd3b5b61444bdd9c80aad2920738735a17a5917 | |
parent | 23493afbe6b699a12bb4df4cf7805aaffa28e54f (diff) |
nixos/avahi: revert closing firewall port by default
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2305.section.xml | 10 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2305.section.md | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/avahi-daemon.nix | 5 |
3 files changed, 3 insertions, 14 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml index cc330e2f88706..944ea12f7df68 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml @@ -90,16 +90,6 @@ <listitem> <para> The - <link linkend="opt-services.avahi.openFirewall">services.avahi.openFirewall</link> - module option default value has been changed from - <literal>true</literal> to <literal>false</literal>. You will - need to explicitely set this option to - <literal>true</literal>, or configure your firewall. - </para> - </listitem> - <listitem> - <para> - The <link linkend="opt-services.tmate-ssh-server.openFirewall">services.tmate-ssh-server.openFirewall</link> module option default value has been changed from <literal>true</literal> to <literal>false</literal>. You will diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 886db43c68eb6..2dd632fa7b92d 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -31,8 +31,6 @@ In addition to numerous new and upgraded packages, this release has the followin - The [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall. -- The [services.avahi.openFirewall](#opt-services.avahi.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall. - - The [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall. - The [services.unifi-video.openFirewall](#opt-services.unifi-video.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall. diff --git a/nixos/modules/services/networking/avahi-daemon.nix b/nixos/modules/services/networking/avahi-daemon.nix index 0875d8a85140a..3933ed5a2315a 100644 --- a/nixos/modules/services/networking/avahi-daemon.nix +++ b/nixos/modules/services/networking/avahi-daemon.nix @@ -103,16 +103,17 @@ in openFirewall = mkOption { type = types.bool; - default = false; + default = true; description = lib.mdDoc '' Whether to open the firewall for UDP port 5353. + Disabling this setting also disables discovering of network devices. ''; }; allowPointToPoint = mkOption { type = types.bool; default = false; - description= lib.mdDoc '' + description = lib.mdDoc '' Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large latencies with such links and opens a potential security hole by allowing mDNS access from Internet connections. |