I have a pair of commands in firewall.extra{Start,Stop}Commands. They look like this now
extraCommands = ''
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o enp0s3 -j MASQUERADE
'';
extraStopCommands = ''
iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o enp0s3 -j MASQUERADE
'';
and they used to look like this (different interface name)
extraCommands = ''
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
'';
extraStopCommands = ''
iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
'';
when I did nixos-rebuild switch, the old rule was not taken down correctly. My (unconfirmed) suspicion is that the new value of extraStopCommands was used, which didn't work because it doesn't match the rule that the old value of extraStartCommands added.
I have a pair of commands in firewall.extra{Start,Stop}Commands. They look like this now
and they used to look like this (different interface name)
when I did nixos-rebuild switch, the old rule was not taken down correctly. My (unconfirmed) suspicion is that the new value of extraStopCommands was used, which didn't work because it doesn't match the rule that the old value of extraStartCommands added.