From 048ccb3fbaf5c4e2ea1a2fc7cf62b6d7f5af4271 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Thu, 23 Oct 2025 13:52:58 -0400
Subject: [PATCH] allow powerdns user to query pdns over loopback

This is being used by the pdns-trigger-health-checks script.
---
 etc/nftables/nftables-ns1.conf | 2 +-
 etc/nftables/nftables-ns2.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/etc/nftables/nftables-ns1.conf b/etc/nftables/nftables-ns1.conf
index 051cbb5..706c791 100644
--- a/etc/nftables/nftables-ns1.conf
+++ b/etc/nftables/nftables-ns1.conf
@@ -138,7 +138,7 @@ table inet filter {
 skuid { alpm, chrony, geoipupdate, zerotier-one } meta l4proto { tcp, udp } th sport >= 1024 th dport 53 notrack accept
 skuid powerdns meta l4proto { tcp, udp } th sport 54 th dport >= 1024 notrack accept
- skuid dnsdist meta l4proto { tcp, udp } th sport >= 1024 th dport 54 notrack accept
+ skuid { dnsdist, powerdns } meta l4proto { tcp, udp } th sport >= 1024 th dport 54 notrack accept
 skuid dnsdist tcp sport 55 tcp dport >= 1024 notrack accept
diff --git a/etc/nftables/nftables-ns2.conf b/etc/nftables/nftables-ns2.conf
index 920b912..75c247b 100644
--- a/etc/nftables/nftables-ns2.conf
+++ b/etc/nftables/nftables-ns2.conf
@@ -175,7 +175,7 @@ table inet filter {
 skuid { alpm, chrony, geoipupdate } meta l4proto { tcp, udp } th sport >= 1024 th dport 53 notrack accept
 skuid powerdns meta l4proto { tcp, udp } th sport 54 th dport >= 1024 notrack accept
- skuid dnsdist meta l4proto { tcp, udp } th sport >= 1024 th dport 54 notrack accept
+ skuid { dnsdist, powerdns } meta l4proto { tcp, udp } th sport >= 1024 th dport 54 notrack accept
 skuid dnsdist tcp sport 55 tcp dport >= 1024 notrack accept
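Review bot: The widened `skuid { dnsdist, powerdns }` rule in nftables-ns1.conf lets the powerdns user send to port 54 on any destination, while the commit message scopes the grant to loopback; unless the enclosing chain, whose header is outside the hunk, already restricts these rules to `lo`, the rule is broader than the stated intent. If the health-check script only talks to the local pdns, consider `skuid { dnsdist, powerdns } oifname "lo" meta l4proto { tcp, udp } th sport >= 1024 th dport 54 notrack accept`, or keep the dnsdist line as it was and add a separate powerdns-only line carrying `oifname "lo"` if dnsdist needs the wider reach. A short comment above the rule naming the pdns-trigger-health-checks script as the reason powerdns appears here would also help the next reader, since the reply-path rule on the line above already grants powerdns a different direction. The identical hunk in nftables-ns2.conf has the same issue.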