Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-11-20 06:52:44 -05:00
Code Issues Projects Releases Packages Wiki Activity

nftables: drop obsolete postgres stat collector rules

Browse source 
PostgreSQL 15 removed the UDP-based statistics collector and replaced it
with a shared memory implementation.
This commit is contained in:
Daniel Micay 2025-08-22 13:14:00 -04:00
parent 66d5c7602d
commit 247f709df5
2 changed files with 0 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
etc/nftables/nftables-matrix.conf
View file

@ -111,8 +111,6 @@ table inet filter {
skuid unbound meta l4proto { tcp, udp } th sport 53 th dport >= 1024 th dport != 8008 notrack accept
skuid { alpm, chrony, synapse, matterbridge, mjolnir } meta l4proto { tcp, udp } th sport >= 1024 th sport != 8008 th dport 53 notrack accept
skuid postgres udp sport >= 1024 udp sport != 8008 udp dport >= 1024 udp dport != 8008 notrack accept
skuid synapse tcp sport 8008 tcp dport >= 1024 tcp dport != 8008 notrack accept
skuid http tcp sport >= 1024 tcp sport != 8008 tcp dport 8008 notrack accept

2
etc/nftables/nftables-social.conf
View file

@ -111,8 +111,6 @@ table inet filter {
skuid unbound meta l4proto { tcp, udp } th sport 53 th dport >= 1024 notrack accept
skuid { alpm, chrony, mastodon } meta l4proto { tcp, udp } th sport >= 1024 th dport 53 notrack accept
skuid postgres udp sport >= 1024 udp dport >= 1024 notrack accept
skuid != root counter goto graceful-reject
notrack accept
}