From 4bf3955b386f6d0276f10a123973ccdb835ff80e Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Fri, 22 Aug 2025 12:43:38 -0400
Subject: [PATCH] nftables: pdns webserver moved to Unix socket
---
 etc/nftables/nftables-ns1.conf | 2 --
 etc/nftables/nftables-ns2.conf | 2 --
 2 files changed, 4 deletions(-)
diff --git a/etc/nftables/nftables-ns1.conf b/etc/nftables/nftables-ns1.conf
index fe23ed6..fa4fe9c 100644
--- a/etc/nftables/nftables-ns1.conf
+++ b/etc/nftables/nftables-ns1.conf
@@ -131,8 +131,6 @@ table inet filter {
 skuid powerdns meta l4proto { tcp, udp } th sport 54 th dport >= 1024 notrack accept
 skuid dnsdist meta l4proto { tcp, udp } th sport >= 1024 th dport 54 notrack accept
- skuid powerdns tcp sport 81 tcp dport >= 1024 notrack accept
-
 skuid dnsdist tcp sport 55 tcp dport >= 1024 notrack accept
 skuid zerotier-one tcp sport 999 tcp dport >= 1024 notrack accept
diff --git a/etc/nftables/nftables-ns2.conf b/etc/nftables/nftables-ns2.conf
index c2315ba..394d8e3 100644
--- a/etc/nftables/nftables-ns2.conf
+++ b/etc/nftables/nftables-ns2.conf
@@ -129,8 +129,6 @@ table inet filter {
 skuid powerdns meta l4proto { tcp, udp } th sport 54 th dport >= 1024 notrack accept
 skuid dnsdist meta l4proto { tcp, udp } th sport >= 1024 th dport 54 notrack accept
- skuid powerdns tcp sport 81 tcp dport >= 1024 notrack accept
-
 skuid dnsdist tcp sport 55 tcp dport >= 1024 notrack accept
 skuid != root counter goto graceful-reject