Git-Mirrors
/
graphene-os-server-infrastructure
mirror of https://github.com/GrapheneOS/infrastructure.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

reorganize nftables rules

This commit is contained in:
Daniel Micay 2024-04-05 19:14:05 -04:00
parent cf274f34d7
commit a6b9fa782b
9 changed files with 73 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
nftables-attestation.conf
View File

@ -47,14 +47,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input {
type filter hook input priority filter
policy drop
@ -85,6 +77,14 @@ table inet filter {
policy drop
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output {
type filter hook output priority filter

16
nftables-discuss.conf
View File

@ -50,14 +50,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input {
type filter hook input priority filter
policy drop
@ -88,6 +80,14 @@ table inet filter {
policy drop
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output {
type filter hook output priority filter

16
nftables-mail.conf
View File

@ -47,14 +47,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport { 25, 465, 993 } notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input {
type filter hook input priority filter
policy drop
@ -85,6 +77,14 @@ table inet filter {
policy drop
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport { 25, 465, 993 } notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output {
type filter hook output priority filter

16
nftables-matrix.conf
View File

@ -47,14 +47,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input {
type filter hook input priority filter
policy drop
@ -85,6 +77,14 @@ table inet filter {
policy drop
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output {
type filter hook output priority filter

18
nftables-network.conf
View File

@ -50,15 +50,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport { 80, 443 } notrack accept
udp sport 123 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input {
type filter hook input priority filter
policy drop
@ -90,6 +81,15 @@ table inet filter {
policy drop
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport { 80, 443 } notrack accept
udp sport 123 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output {
type filter hook output priority filter

16
nftables-ns1.conf
View File

@ -47,14 +47,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
udp sport 53 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input {
type filter hook input priority filter
policy drop
@ -85,6 +77,14 @@ table inet filter {
policy drop
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
udp sport 53 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output {
type filter hook output priority filter

16
nftables-ns2.conf
View File

@ -52,14 +52,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
udp sport 53 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input {
type filter hook input priority filter
policy drop
@ -90,6 +82,14 @@ table inet filter {
policy drop
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
udp sport 53 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output {
type filter hook output priority filter

16
nftables-social.conf
View File

@ -47,14 +47,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input {
type filter hook input priority filter
policy drop
@ -85,6 +77,14 @@ table inet filter {
policy drop
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output {
type filter hook output priority filter

16
nftables-web.conf
View File

@ -51,14 +51,6 @@ table inet filter {
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain input {
type filter hook input priority filter
policy drop
@ -89,6 +81,14 @@ table inet filter {
policy drop
}
chain output-raw {
type filter hook output priority raw
oif lo notrack accept
tcp sport 443 notrack accept
meta l4proto { icmp, ipv6-icmp } notrack accept
}
chain output {
type filter hook output priority filter