nixos/sshguard: depends on iptables even when nftables is used #471173
Description
Nixpkgs version
- Stable (25.11)
Describe the bug
When the firewall is enabled, the module pulls in iptables even when nftables is used instead. This is due to the preStart and postStop hooks that use iptables and ipset
Steps to reproduce
set networking.nftables.enable = true and services.sshguard.enable = true; and see that iptables is also pulled in
Expected behaviour
iptables would not be pulled in
Screenshots
No response
Relevant log output
Additional context
No response
System metadata
- system:
"x86_64-linux" - host os:
Linux 6.12.60, NixOS, 25.11 (Xantusia), 25.11.20251215.c8cfcd6 - multi-user?:
yes - sandbox:
yes - version:
nix-env (Nix) 2.31.2 - nixpkgs:
/nix/store/1pga6kbxmh6i8pylg4w7k88xksx3lwvx-source
Notify maintainers
@sargon (as package maintainer, the module seems to be without maintainership)
Note for maintainers: Please tag this issue in your pull request description. (i.e. Resolves #ISSUE.)
I assert that this issue is relevant for Nixpkgs
- I assert that this is a bug and not a support request.
- I assert that this is not a duplicate of an existing issue.
- I assert that I have read the NixOS Code of Conduct and agree to abide by it.
Is this issue important to you?
Add a 👍 reaction to issues you find important.