allow powerdns user to query pdns over loopback

This is being used by the pdns-trigger-health-checks script.
2025-11-29 02:46:32 -05:00 · 2025-10-23 13:52:58 -04:00 · 2025-10-23 13:52:58 -04:00 · 048ccb3fba
commit 048ccb3fba
parent 9c2183c794
2 changed files with 2 additions and 2 deletions
--- a/etc/nftables/nftables-ns1.conf
+++ b/etc/nftables/nftables-ns1.conf
@ -138,7 +138,7 @@ table inet filter {
        skuid { alpm, chrony, geoipupdate, zerotier-one } meta l4proto { tcp, udp } th sport >= 1024 th dport 53 notrack accept

        skuid powerdns meta l4proto { tcp, udp } th sport 54 th dport >= 1024 notrack accept
-        skuid dnsdist meta l4proto { tcp, udp } th sport >= 1024 th dport 54 notrack accept
+        skuid { dnsdist, powerdns } meta l4proto { tcp, udp } th sport >= 1024 th dport 54 notrack accept

        skuid dnsdist tcp sport 55 tcp dport >= 1024 notrack accept

--- a/etc/nftables/nftables-ns2.conf
+++ b/etc/nftables/nftables-ns2.conf
@ -175,7 +175,7 @@ table inet filter {
        skuid { alpm, chrony, geoipupdate } meta l4proto { tcp, udp } th sport >= 1024 th dport 53 notrack accept

        skuid powerdns meta l4proto { tcp, udp } th sport 54 th dport >= 1024 notrack accept
-        skuid dnsdist meta l4proto { tcp, udp } th sport >= 1024 th dport 54 notrack accept
+        skuid { dnsdist, powerdns } meta l4proto { tcp, udp } th sport >= 1024 th dport 54 notrack accept

        skuid dnsdist tcp sport 55 tcp dport >= 1024 notrack accept