mirror of
https://github.com/GrapheneOS/infrastructure.git
synced 2024-12-22 21:49:22 -05:00
allow NTP requests to network servers
This commit is contained in:
parent
04e7114468
commit
a74812ca6e
@ -8,6 +8,7 @@ table inet filter {
|
|||||||
|
|
||||||
iif lo notrack accept
|
iif lo notrack accept
|
||||||
tcp dport {22, 80, 443, 7275} notrack accept
|
tcp dport {22, 80, 443, 7275} notrack accept
|
||||||
|
udp dport 123 notrack accept;
|
||||||
meta l4proto {icmp, ipv6-icmp} notrack accept
|
meta l4proto {icmp, ipv6-icmp} notrack accept
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -16,6 +17,7 @@ table inet filter {
|
|||||||
|
|
||||||
oif lo notrack accept
|
oif lo notrack accept
|
||||||
tcp sport {22, 80, 443, 7275} notrack accept
|
tcp sport {22, 80, 443, 7275} notrack accept
|
||||||
|
udp sport 123 notrack accept;
|
||||||
meta l4proto {icmp, ipv6-icmp} notrack accept
|
meta l4proto {icmp, ipv6-icmp} notrack accept
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -26,6 +28,8 @@ table inet filter {
|
|||||||
iif lo accept
|
iif lo accept
|
||||||
tcp dport {22, 80, 443, 7275} ip daddr {{ipv4_address}} accept
|
tcp dport {22, 80, 443, 7275} ip daddr {{ipv4_address}} accept
|
||||||
tcp dport {22, 80, 443, 7275} ip6 daddr {{ipv6_address}} accept
|
tcp dport {22, 80, 443, 7275} ip6 daddr {{ipv6_address}} accept
|
||||||
|
udp dport 123 ip daddr {{ipv4_address}} accept
|
||||||
|
udp dport 123 ip6 daddr {{ipv6_address}} accept
|
||||||
meta l4proto {icmp, ipv6-icmp} accept
|
meta l4proto {icmp, ipv6-icmp} accept
|
||||||
|
|
||||||
ct state vmap { invalid : drop, established : accept, related : accept }
|
ct state vmap { invalid : drop, established : accept, related : accept }
|
||||||
|
Loading…
Reference in New Issue
Block a user