Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-05-12 11:42:18 -04:00
Code Issues Projects Releases Packages Wiki Activity

switch to unix domain sockets for mastodon

Browse source
This commit is contained in:
Daniel Micay 2023-02-15 03:08:06 -05:00
parent 53b2431f6b
commit 312b1a027b
2 changed files with 3 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

9
nftables-social.conf
View file

@ -48,13 +48,10 @@ table inet filter {
} }
chain output-internal { chain output-internal {
skuid unbound meta l4proto {tcp, udp} th sport 53 th dport >= 1024 th dport != {3000, 4000} accept skuid unbound meta l4proto {tcp, udp} th sport 53 th dport >= 1024 accept
skuid {chrony, mastodon} meta l4proto {tcp, udp} th sport >= 1024 th sport != {3000, 4000} th dport 53 accept skuid {chrony, mastodon} meta l4proto {tcp, udp} th sport >= 1024 th dport 53 accept
skuid postgres udp sport >= 1024 udp sport != {3000, 4000} udp dport >= 1024 udp dport != {3000, 4000} accept skuid postgres udp sport >= 1024 udp dport >= 1024 accept
skuid mastodon tcp sport {3000, 4000} tcp dport >= 1024 tcp dport != {3000, 4000} accept
skuid http tcp sport >= 1024 tcp sport != {3000, 4000} tcp dport {3000, 4000} accept
skuid != root counter goto output-reject skuid != root counter goto output-reject
accept accept

2
unbound.conf
View file

@ -8,8 +8,6 @@ server:
hide-identity: yes hide-identity: yes
hide-version: yes hide-version: yes
outgoing-port-permit: 1024-65535 outgoing-port-permit: 1024-65535
outgoing-port-avoid: 3000 # mastodon web
outgoing-port-avoid: 4000 # mastodon streaming
outgoing-port-avoid: 7275 # supl outgoing-port-avoid: 7275 # supl
outgoing-port-avoid: 8008 # synapse outgoing-port-avoid: 8008 # synapse
outgoing-port-avoid: 8080 # attestation outgoing-port-avoid: 8080 # attestation