From 6a43d512918e6449cb55fd10cdf7baf634e0ed87 Mon Sep 17 00:00:00 2001
From: "William A. Kennington III"
Date: Mon, 15 Sep 2014 21:29:46 -0700
Subject: [PATCH] nixos/firewall: Support extraStopCommands
---
 nixos/modules/services/networking/firewall.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix
index b97ec8b4d43a..eaf48b9c6e5b 100644
--- a/nixos/modules/services/networking/firewall.nix
+++ b/nixos/modules/services/networking/firewall.nix
@@ -240,6 +240,18 @@ in
 '';
 };
+ networking.firewall.extraStopCommands = mkOption {
+ type = types.lines;
+ default = "";
+ example = "iptables -P INPUT ACCEPT";
+ description =
+ ''
+ Additional shell commands executed as part of the firewall
+ shutdown script. These are executed just after the removal
+ of the nixos input rule.
+ '';
+ };
+
 };
@@ -432,6 +444,7 @@ in
 ''
 ${helpers}
 ip46tables -D INPUT -j nixos-fw || true
+ ${cfg.extraStopCommands}
 '';
 };
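Review bot: The `description` of `extraStopCommands` does not say that the text is spliced verbatim into the stop script, nor that it runs after `${helpers}` (both visible in the second hunk), so a reader cannot tell that the `ip46tables` helper used on the line above is presumably available to these commands. The example `iptables -P INPUT ACCEPT` covers IPv4 only and shows a policy being loosened rather than a cleanup step. An example in the script's own style, such as `example = "ip46tables -D INPUT -j my-chain || true";` (chain name constructed for illustration), would steer administrators toward removing their own rules for both address families. The enclosing option set starts and ends outside the hunk.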
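Review bot: `${cfg.extraStopCommands}` is appended without the `|| true` guard that the `ip46tables -D INPUT -j nixos-fw` line above it carries, so whether a failing user command fails the whole stop script depends on shell options set outside this hunk (presumably `set -e`, which is not visible here). If so, a typo in an administrator's cleanup command would leave the unit failed on stop, after the nixos-fw jump has already been removed. I would state the contract next to the interpolation with a script comment such as `# user-supplied cleanup; runs after the nixos-fw jump is removed, each command should tolerate failure`. The same sentence belongs in the option's description in the first hunk. The enclosing service definition starts and ends outside the hunk.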