diff --git a/nixos/modules/services/networking/mullvad-vpn.nix b/nixos/modules/services/networking/mullvad-vpn.nix index 8ce71f26b3ee..9ec1ddc929e1 100644 --- a/nixos/modules/services/networking/mullvad-vpn.nix +++ b/nixos/modules/services/networking/mullvad-vpn.nix @@ -9,6 +9,7 @@ with lib; default = false; description = '' This option enables Mullvad VPN daemon. + This sets to "loose", which might be undesirable for security. ''; }; @@ -18,6 +19,9 @@ with lib; # mullvad-daemon writes to /etc/iproute2/rt_tables networking.iproute2.enable = true; + # See https://github.com/NixOS/nixpkgs/issues/113589 + networking.firewall.checkReversePath = "loose"; + systemd.services.mullvad-daemon = { description = "Mullvad VPN daemon"; wantedBy = [ "multi-user.target" ]; @@ -42,5 +46,5 @@ with lib; }; }; - meta.maintainers = [ maintainers.xfix ]; + meta.maintainers = with maintainers; [ ymarkus ]; }