mirror of
https://github.com/GrapheneOS/infrastructure.git
synced 2024-12-22 21:49:22 -05:00
use dedicated geoipupdate user
parent
6081f9fa73
commit
54b52a3655
@ -48,12 +48,12 @@ table inet filter {
|
||||
type filter hook output priority filter
|
||||
|
||||
oif lo goto output-internal
|
||||
skuid != {root, systemd-network, chrony, unbound, powerdns} counter goto output-reject
|
||||
skuid != {root, systemd-network, chrony, unbound, powerdns, geoipupdate} counter goto output-reject
|
||||
}
|
||||
|
||||
chain output-internal {
|
||||
skuid unbound meta l4proto {tcp, udp} th sport 53 th dport >= 1024 accept
|
||||
skuid {chrony, powerdns} meta l4proto {tcp, udp} th sport >= 1024 th dport 53 accept
|
||||
skuid {chrony, powerdns, geoipupdate} meta l4proto {tcp, udp} th sport >= 1024 th dport 53 accept
|
||||
|
||||
skuid != root counter goto output-reject
|
||||
accept
|
||||
|
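Review bot: Adding `geoipupdate` to the exemption set in chain `output` gives the new account the same unrestricted non-loopback egress as the other listed accounts, since that rule is the last one visible in the chain, although a database updater should only need outbound HTTPS. Consider leaving the set as it was and placing `skuid geoipupdate tcp dport 443 accept` ahead of that rule, so anything else the account sends still reaches `output-reject` and is counted; confirm the port against the configured update host. User names in `skuid` are resolved when the ruleset is loaded, so the `geoipupdate` account has to exist before this file is applied or the load fails. A short comment such as `# geoipupdate: DNS via local resolver, HTTPS to update server only` would record the intent. Chain `output-internal` continues past the end of the hunk.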