nftables: extend notrack rules for ADoT changes

2025-01-03 11:00:49 -05:00 · 2024-01-19 12:51:35 -05:00 · 2024-01-19 12:51:35 -05:00 · 5ed0c02e99
commit 5ed0c02e99
parent a954a4a024
2 changed files with 4 additions and 4 deletions
--- a/nftables-ns1.conf
+++ b/nftables-ns1.conf
@ -8,7 +8,7 @@ table inet filter {

        iif lo notrack accept
        udp dport 53 notrack accept
-        tcp dport {22, 53} notrack accept
+        tcp dport {22, 53, 80, 443, 853} notrack accept
        meta l4proto {icmp, ipv6-icmp} notrack accept
    }

@ -17,7 +17,7 @@ table inet filter {

        oif lo notrack accept
        udp sport 53 notrack accept
-        tcp sport {22, 53} notrack accept
+        tcp sport {22, 53, 80, 443, 853} notrack accept
        meta l4proto {icmp, ipv6-icmp} notrack accept
    }

--- a/nftables-ns2.conf
+++ b/nftables-ns2.conf
@ -8,7 +8,7 @@ table inet filter {

        iif lo notrack accept
        udp dport 53 notrack accept
-        tcp dport {22, 53} notrack accept
+        tcp dport {22, 53, 80, 443, 853} notrack accept
        meta l4proto {icmp, ipv6-icmp} notrack accept
    }

@ -17,7 +17,7 @@ table inet filter {

        oif lo notrack accept
        udp sport 53 notrack accept
-        tcp sport {22, 53} notrack accept
+        tcp sport {22, 53, 80, 443, 853} notrack accept
        meta l4proto {icmp, ipv6-icmp} notrack accept
    }