From 5cef4a2aa6f5472fc67303272319c693bb21dd15 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Thu, 21 Dec 2023 09:44:05 -0500
Subject: [PATCH] allow geoipupdate internet access for discuss
---
 nftables-discuss.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/nftables-discuss.conf b/nftables-discuss.conf
index 12fba04..5f23611 100644
--- a/nftables-discuss.conf
+++ b/nftables-discuss.conf
@@ -44,12 +44,12 @@ table inet filter {
 type filter hook output priority filter
 oif lo goto output-internal
- skuid != {root, systemd-network, unbound, chrony, http, flarum, flarum-admin} counter goto output-reject
+ skuid != {root, systemd-network, unbound, chrony, http, flarum, flarum-admin, geoipupdate} counter goto output-reject
 }
 chain output-internal {
 skuid unbound meta l4proto {tcp, udp} th sport 53 th dport >= 1024 accept
- skuid {chrony, http, flarum, flarum-admin} meta l4proto {tcp, udp} th sport >= 1024 th dport 53 accept
+ skuid {chrony, http, flarum, flarum-admin, geoipupdate} meta l4proto {tcp, udp} th sport >= 1024 th dport 53 accept
 skuid != root counter goto output-reject
 accept
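Review bot: Adding geoipupdate to the `skuid != {...}` set in the output chain gives that account egress to any destination, port and protocol on non-loopback interfaces, because no later rule in the chain narrows it. The updater presumably only needs HTTPS to its database host, so a scoped rule would be tighter: leave the set as it was and put `skuid geoipupdate tcp dport 443 accept` ahead of it, so any other traffic from the account still falls through to output-reject. The loopback DNS allowance added in output-internal is already limited to port 53 and needs no change. If unscoped egress for listed accounts is intentional, a short comment above the set saying so, and why geoipupdate is in it, would help the next reviewer. The `chain output` header line sits just above the hunk.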