From e438d4a04f505adf63a453df7173278db6ee817c Mon Sep 17 00:00:00 2001
From: Klemens Nanni <klemens@posteo.de>
Date: Thu, 1 Oct 2020 19:32:46 +0200
Subject: nftables: Warn about correct firewall setting

services.networking.firewall might have existed during import of this
module in 2016, but it is unknown as of today.

Point to the proper boolean knob to avoid confusion.
---
 nixos/modules/services/networking/nftables.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'nixos/modules/services/networking/nftables.nix')

diff --git a/nixos/modules/services/networking/nftables.nix b/nixos/modules/services/networking/nftables.nix
index ec9d9753cfe25..cb75142965eae 100644
--- a/nixos/modules/services/networking/nftables.nix
+++ b/nixos/modules/services/networking/nftables.nix
@@ -99,7 +99,7 @@ in
   config = mkIf cfg.enable {
     assertions = [{
       assertion = config.networking.firewall.enable == false;
-      message = "You can not use nftables with services.networking.firewall.";
+      message = "You can not use nftables and iptables at the same time. networking.firewall.enable must be set to false.";
     }];
     boot.blacklistedKernelModules = [ "ip_tables" ];
     environment.systemPackages = [ pkgs.nftables ];
-- 
cgit 1.4.1