From aa251818a2d8f42dd7020d1b2789605a6f5b658e Mon Sep 17 00:00:00 2001 From: Lu Wang Date: Sat, 14 Dec 2024 14:19:24 +0800 Subject: [PATCH] networking/netns: allow unprivileged users to create icmp sockets --- nixos/modules/networking/netns/common.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/networking/netns/common.nix b/nixos/modules/networking/netns/common.nix index 230a321..9380d7e 100644 --- a/nixos/modules/networking/netns/common.nix +++ b/nixos/modules/networking/netns/common.nix @@ -86,6 +86,7 @@ in ip netns exec ${name} sysctl -w net.ipv4.conf.all.forwarding=${enableIPv4Forwarding} ip netns exec ${name} sysctl -w net.ipv6.conf.default.forwarding=${enableIPv6Forwarding} ip netns exec ${name} sysctl -w net.ipv6.conf.all.forwarding=${enableIPv6Forwarding} + ip netns exec ${name} sysctl -w net.ipv4.ping_group_range="0 2147483647" ${concatMapStringsSep "\n" (addr: "ip -n ${name} addr add ${addr} dev ${interface}") address} ''; preStop = ''