Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-11-19 06:23:41 -05:00
Code Issues Projects Releases Packages Wiki Activity

nftables: pdns webserver moved to Unix socket

Browse source
This commit is contained in:
Daniel Micay 2025-08-22 12:43:38 -04:00
parent 124dd54ef5
commit 4bf3955b38
2 changed files with 0 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
etc/nftables/nftables-ns1.conf
View file

@ -131,8 +131,6 @@ table inet filter {
skuid powerdns meta l4proto { tcp, udp } th sport 54 th dport >= 1024 notrack accept skuid powerdns meta l4proto { tcp, udp } th sport 54 th dport >= 1024 notrack accept
skuid dnsdist meta l4proto { tcp, udp } th sport >= 1024 th dport 54 notrack accept skuid dnsdist meta l4proto { tcp, udp } th sport >= 1024 th dport 54 notrack accept
skuid powerdns tcp sport 81 tcp dport >= 1024 notrack accept
skuid dnsdist tcp sport 55 tcp dport >= 1024 notrack accept skuid dnsdist tcp sport 55 tcp dport >= 1024 notrack accept
skuid zerotier-one tcp sport 999 tcp dport >= 1024 notrack accept skuid zerotier-one tcp sport 999 tcp dport >= 1024 notrack accept

2
etc/nftables/nftables-ns2.conf
View file

@ -129,8 +129,6 @@ table inet filter {
skuid powerdns meta l4proto { tcp, udp } th sport 54 th dport >= 1024 notrack accept skuid powerdns meta l4proto { tcp, udp } th sport 54 th dport >= 1024 notrack accept
skuid dnsdist meta l4proto { tcp, udp } th sport >= 1024 th dport 54 notrack accept skuid dnsdist meta l4proto { tcp, udp } th sport >= 1024 th dport 54 notrack accept
skuid powerdns tcp sport 81 tcp dport >= 1024 notrack accept
skuid dnsdist tcp sport 55 tcp dport >= 1024 notrack accept skuid dnsdist tcp sport 55 tcp dport >= 1024 notrack accept
skuid != root counter goto graceful-reject skuid != root counter goto graceful-reject