Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-12-16 08:54:02 -05:00
Code Issues Projects Releases Packages Wiki Activity

remove PowerDNS for unbound nftables allowlist

Browse source 
The unnecessary security polling has been disabled so it doesn't need
this anymore.
This commit is contained in:
Daniel Micay 2022-09-10 18:11:58 -04:00
parent 9a69263f6b
commit 6c58739dc8
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nftables-dns.conf
View file

@ -53,7 +53,7 @@ table inet filter {
chain output-internal { chain output-internal {
skuid unbound meta l4proto {tcp, udp} th sport 53 th dport >= 1024 accept skuid unbound meta l4proto {tcp, udp} th sport 53 th dport >= 1024 accept
skuid {chrony, powerdns, geoipupdate} meta l4proto {tcp, udp} th sport >= 1024 th dport 53 accept skuid {chrony, geoipupdate} meta l4proto {tcp, udp} th sport >= 1024 th dport 53 accept
skuid != root counter goto output-reject skuid != root counter goto output-reject
accept accept