From 07dca7919d74323745f968c6e7ce14d15ba88a64 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Wed, 10 Aug 2022 11:13:31 -0400
Subject: [PATCH] reorder network allowlists for consistency
---
 nftables-attestation.conf | 2 +-
 nftables-discuss.conf | 2 +-
 nftables-dns.conf | 2 +-
 nftables-mail.conf | 2 +-
 nftables-matrix.conf | 2 +-
 nftables-web.conf | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/nftables-attestation.conf b/nftables-attestation.conf
index ec581a6..bccfa82 100644
--- a/nftables-attestation.conf
+++ b/nftables-attestation.conf
@@ -44,7 +44,7 @@ table inet filter {
 type filter hook output priority filter
 oif lo goto output-internal
- skuid != {root, systemd-network, chrony, unbound, http, attestation} counter goto output-reject
+ skuid != {root, systemd-network, unbound, chrony, http, attestation} counter goto output-reject
 }
 chain output-internal {
diff --git a/nftables-discuss.conf b/nftables-discuss.conf
index 6bf7352..12fba04 100644
--- a/nftables-discuss.conf
+++ b/nftables-discuss.conf
@@ -44,7 +44,7 @@ table inet filter {
 type filter hook output priority filter
 oif lo goto output-internal
- skuid != {root, systemd-network, chrony, unbound, http, flarum, flarum-admin} counter goto output-reject
+ skuid != {root, systemd-network, unbound, chrony, http, flarum, flarum-admin} counter goto output-reject
 }
 chain output-internal {
diff --git a/nftables-dns.conf b/nftables-dns.conf
index 455225d..685cf38 100644
--- a/nftables-dns.conf
+++ b/nftables-dns.conf
@@ -48,7 +48,7 @@ table inet filter {
 type filter hook output priority filter
 oif lo goto output-internal
- skuid != {root, systemd-network, chrony, unbound, powerdns, geoipupdate} counter goto output-reject
+ skuid != {root, systemd-network, unbound, chrony, powerdns, geoipupdate} counter goto output-reject
 }
 chain output-internal {
diff --git a/nftables-mail.conf b/nftables-mail.conf
index 0ebd5b0..f6a05df 100644
--- a/nftables-mail.conf
+++ b/nftables-mail.conf
@@ -44,7 +44,7 @@ table inet filter {
 type filter hook output priority filter
 oif lo goto output-internal
- skuid != {root, systemd-network, chrony, unbound, postfix, dovecot, dovenull} counter goto output-reject
+ skuid != {root, systemd-network, unbound, chrony, postfix, dovecot, dovenull} counter goto output-reject
 }
 chain output-internal {
diff --git a/nftables-matrix.conf b/nftables-matrix.conf
index 5d6b87f..963b453 100644
--- a/nftables-matrix.conf
+++ b/nftables-matrix.conf
@@ -44,7 +44,7 @@ table inet filter {
 type filter hook output priority filter
 oif lo goto output-internal
- skuid != {root, systemd-network, chrony, unbound, http, synapse, matterbridge} counter goto output-reject
+ skuid != {root, systemd-network, unbound, chrony, http, synapse, matterbridge} counter goto output-reject
 }
 chain output-internal {
diff --git a/nftables-web.conf b/nftables-web.conf
index 5f08aa7..78ec589 100644
--- a/nftables-web.conf
+++ b/nftables-web.conf
@@ -44,7 +44,7 @@ table inet filter {
 type filter hook output priority filter
 oif lo goto output-internal
- skuid != {root, systemd-network, chrony, unbound, http} counter goto output-reject
+ skuid != {root, systemd-network, unbound, chrony, http} counter goto output-reject
 }
 chain output-internal {
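Review bot: The `skuid != {…}` set in the `output` chain is each host's whole per-account egress allowlist, and nothing in these hunks records the ordering convention the commit applies, so the next account added to one of the six files (nftables-attestation, -discuss, -dns, -mail, -matrix, -web) can drift out of order again and make host-to-host comparison of the allowlists harder to review. A comment above the rule would pin it, e.g. `# egress allowlist by socket owner: base accounts (root, systemd-network, unbound, chrony) in this order, then host-specific service accounts`. Since the first four entries are identical in all six files, they could also be declared once with a `define` in a common fragment, if these files are able to `include` one; that is not visible here. The chain starts above each hunk, so an existing comment there may already cover part of this.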