allow geoipupdate internet access for discuss

2024-09-27 19:15:43 +00:00 · 2023-12-21 09:44:05 -05:00 · 2023-12-21 09:44:05 -05:00 · 5cef4a2aa6
commit 5cef4a2aa6
parent dc4101f3de
1 changed files with 2 additions and 2 deletions
--- a/nftables-discuss.conf
+++ b/nftables-discuss.conf
@ -44,12 +44,12 @@ table inet filter {
        type filter hook output priority filter

        oif lo goto output-internal
-        skuid != {root, systemd-network, unbound, chrony, http, flarum, flarum-admin} counter goto output-reject
+        skuid != {root, systemd-network, unbound, chrony, http, flarum, flarum-admin, geoipupdate} counter goto output-reject
    }

    chain output-internal {
        skuid unbound meta l4proto {tcp, udp} th sport 53 th dport >= 1024 accept
-        skuid {chrony, http, flarum, flarum-admin} meta l4proto {tcp, udp} th sport >= 1024 th dport 53 accept
+        skuid {chrony, http, flarum, flarum-admin, geoipupdate} meta l4proto {tcp, udp} th sport >= 1024 th dport 53 accept

        skuid != root counter goto output-reject
        accept