From 18bc8203a10720a4db98670cbcbe75aa0579c145 Mon Sep 17 00:00:00 2001
From: Pierre Bourdon
Date: Sat, 9 Mar 2019 19:59:01 +0100
Subject: [PATCH] nixos/firewall: canonicalize firewall ports lists

Fixes #56086.
---
 nixos/modules/services/networking/firewall.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix
index 73feba242a11..4ea891262e56 100644
--- a/nixos/modules/services/networking/firewall.nix
+++ b/nixos/modules/services/networking/firewall.nix
@@ -261,10 +261,14 @@ let
 fi
 '';

+ canonicalizePortList =
+ ports: lib.unique (builtins.sort builtins.lessThan ports);
+
 commonOptions = {
 allowedTCPPorts = mkOption {
 type = types.listOf types.port;
 default = [ ];
+ apply = canonicalizePortList;
 example = [ 22 80 ];
 description =
 ''
@@ -287,6 +291,7 @@ let
 allowedUDPPorts = mkOption {
 type = types.listOf types.port;
 default = [ ];
+ apply = canonicalizePortList;
 example = [ 53 ];
 description =
 ''
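Review bot: `canonicalizePortList` in the first hunk has no comment saying why the port lists are sorted and deduplicated, so the reason lives only in the issue reference in the commit message. A line above it such as `# Sort and deduplicate so the merged list is the same however the ports were declared.` would keep that with the code, if that is indeed the intent. Because both hunks attach it through `apply` (on `allowedTCPPorts` and `allowedUDPPorts`), every consumer of these options now reads the canonical list, not the list as written, which the option descriptions could mention for anyone auditing the resulting ruleset. Only the two plain port-list options are touched here; if `commonOptions` also defines port-range options further down, it is worth checking whether they need the same treatment. The `commonOptions` set continues outside both hunks.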