System build fails with enabled nftables firewall backend (nftables.enable = true).
error: Cannot build '/nix/store/3bakhjz9pg654nnnaa975m36kq74ds8v-nftables-rules.drv'.
Reason: builder failed with exit code 1.
Output paths:
/nix/store/s7f4mvvhff9r7bv2jkhrnk9yn169sw7k-nftables-rules
Last 12 log lines:
> ruleset.conf:58:12-12: Error: syntax error, unexpected +, expecting newline or semicolon
> iifname ve-+ tcp dport { 5353 } accept
> ^
> ruleset.conf:59:12-12: Error: syntax error, unexpected +, expecting newline or semicolon
> iifname ve-+ udp dport { 67, 5353 } accept
> ^
> ruleset.conf:60:12-12: Error: syntax error, unexpected +, expecting newline or semicolon
> iifname vz-+ tcp dport { 5353 } accept
> ^
> ruleset.conf:61:12-12: Error: syntax error, unexpected +, expecting newline or semicolon
> iifname vz-+ udp dport { 67, 5353 } accept
>
This is caused by the usage of the iptables-specific network interface wildcard character +. nftables uses *.
NixOS 25.11 added firewalld as another firewall backend; I'm not sure which wildcard character that supports. Red Hat's docs on that are behind a paywall and I have never used firewalld personally.
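Added example (not code from the bug report or from the NixOS firewall module): a small Python lint that finds iptables-style `NAME+` interface wildcards after `iifname`/`oifname` in an nftables ruleset and rewrites them to the nftables form `"NAME*"`. The sample ruleset is constructed from the four rules quoted in the build log above plus two rules that must be left untouched; the table and chain names in it, the handling of `oifname` as well as `iifname`, and the decision to quote the rewritten name are assumptions of this example.

```python
import re

# Constructed sample ruleset: the four offending rules from the build log,
# followed by two rules that are already valid nftables and must not change.
# Table and chain names are made up for this example.
SAMPLE_RULESET = """\
table inet nixos-fw {
  chain input-allow {
    iifname ve-+ tcp dport { 5353 } accept
    iifname ve-+ udp dport { 67, 5353 } accept
    iifname vz-+ tcp dport { 5353 } accept
    iifname vz-+ udp dport { 67, 5353 } accept
    iifname "lo" accept
    iifname "docker*" accept
  }
}
"""

# An iptables-style wildcard: an unquoted interface name ending in '+' right
# after iifname or oifname. Quoted names ("lo", "docker*") never match because
# the double quote is not in the name character class.
IPTABLES_WILDCARD = re.compile(
    r'\b(iifname|oifname)\s+([A-Za-z0-9_.:-]+)\+(?=\s|$)'
)


def fix_rule(line: str) -> str:
    """Rewrite `iifname ve-+` to `iifname "ve-*"` (quoting is this example's choice)."""
    return IPTABLES_WILDCARD.sub(lambda m: f'{m.group(1)} "{m.group(2)}*"', line)


def lint_ruleset(text: str) -> list[tuple[int, str, str]]:
    """Return (line number, original, corrected) for every line using the '+' wildcard."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fixed = fix_rule(line)
        if fixed != line:
            findings.append((lineno, line.strip(), fixed.strip()))
    return findings


def fix_ruleset(text: str) -> str:
    """Return the whole ruleset with every '+' wildcard rewritten."""
    return "\n".join(fix_rule(line) for line in text.splitlines()) + "\n"


if __name__ == "__main__":
    for lineno, old, new in lint_ruleset(SAMPLE_RULESET):
        print(f"line {lineno}: {old}")
        print(f"      -> {new}")
```

After rewriting a real ruleset, `nft -c -f ruleset.conf` parses it without loading anything, which reproduces the syntax error from the log on the original file and should pass on the corrected one.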