nftables: add support for dnsdist control socket

2025-08-03 12:06:33 -04:00 · 2025-05-16 13:19:38 -04:00 · 2025-05-16 13:19:38 -04:00 · 5c41418606
commit 5c41418606
parent e75172d57c
2 changed files with 4 additions and 0 deletions
--- a/etc/nftables/nftables-ns1.conf
+++ b/etc/nftables/nftables-ns1.conf
@ -133,6 +133,8 @@ table inet filter {

        skuid powerdns meta l4proto tcp th sport 81 th dport >= 1024 notrack accept

+        skuid dnsdist meta l4proto tcp th sport 5199 th dport >= 1024 notrack accept
+
        skuid zerotier-one meta l4proto tcp th sport 9993 th dport >= 1024 notrack accept

        skuid != root counter goto graceful-reject
--- a/etc/nftables/nftables-ns2.conf
+++ b/etc/nftables/nftables-ns2.conf
@ -131,6 +131,8 @@ table inet filter {

        skuid powerdns meta l4proto tcp th sport 81 th dport >= 1024 notrack accept

+        skuid dnsdist meta l4proto tcp th sport 5199 th dport >= 1024 notrack accept
+
        skuid != root counter goto graceful-reject
        notrack accept
    }