Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-05-17 14:10:28 -04:00
Code Issues Projects Releases Packages Wiki Activity

nftables: use notrack accept instead of notrack

Browse source
This commit is contained in:
Daniel Micay 2022-07-21 17:31:16 -04:00
parent f7da683012
commit fdf21af1ae
6 changed files with 38 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

12
nftables-attestation.conf
View file

@ -6,17 +6,17 @@ table inet filter {
chain prerouting-raw { chain prerouting-raw {
type filter hook prerouting priority raw type filter hook prerouting priority raw
iif lo notrack iif lo notrack accept
tcp dport {22, 80, 443} notrack tcp dport {22, 80, 443} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain output-raw { chain output-raw {
type filter hook output priority raw type filter hook output priority raw
oif lo notrack oif lo notrack accept
tcp sport {22, 80, 443} notrack tcp sport {22, 80, 443} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain input { chain input {

12
nftables-discuss.conf
View file

@ -6,17 +6,17 @@ table inet filter {
chain prerouting-raw { chain prerouting-raw {
type filter hook prerouting priority raw type filter hook prerouting priority raw
iif lo notrack iif lo notrack accept
tcp dport {22, 80, 443} notrack tcp dport {22, 80, 443} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain output-raw { chain output-raw {
type filter hook output priority raw type filter hook output priority raw
oif lo notrack oif lo notrack accept
tcp sport {22, 80, 443} notrack tcp sport {22, 80, 443} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain input { chain input {

16
nftables-dns.conf
View file

@ -6,19 +6,19 @@ table inet filter {
chain prerouting-raw { chain prerouting-raw {
type filter hook prerouting priority raw type filter hook prerouting priority raw
iif lo notrack iif lo notrack accept
udp dport 53 notrack udp dport 53 notrack accept
tcp dport {22, 53} notrack tcp dport {22, 53} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain output-raw { chain output-raw {
type filter hook output priority raw type filter hook output priority raw
oif lo notrack oif lo notrack accept
udp sport 53 notrack udp sport 53 notrack accept
tcp sport {22, 53} notrack tcp sport {22, 53} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain input { chain input {

12
nftables-mail.conf
View file

@ -6,17 +6,17 @@ table inet filter {
chain prerouting-raw { chain prerouting-raw {
type filter hook prerouting priority raw type filter hook prerouting priority raw
iif lo notrack iif lo notrack accept
tcp dport {22, 25, 80, 465, 993} notrack tcp dport {22, 25, 80, 465, 993} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain output-raw { chain output-raw {
type filter hook output priority raw type filter hook output priority raw
oif lo notrack oif lo notrack accept
tcp sport {22, 25, 80, 465, 993} notrack tcp sport {22, 25, 80, 465, 993} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain input { chain input {

12
nftables-matrix.conf
View file

@ -6,17 +6,17 @@ table inet filter {
chain prerouting-raw { chain prerouting-raw {
type filter hook prerouting priority raw type filter hook prerouting priority raw
iif lo notrack iif lo notrack accept
tcp dport {22, 80, 443} notrack tcp dport {22, 80, 443} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain output-raw { chain output-raw {
type filter hook output priority raw type filter hook output priority raw
oif lo notrack oif lo notrack accept
tcp sport {22, 80, 443} notrack tcp sport {22, 80, 443} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain input { chain input {

12
nftables-web.conf
View file

@ -6,17 +6,17 @@ table inet filter {
chain prerouting-raw { chain prerouting-raw {
type filter hook prerouting priority raw type filter hook prerouting priority raw
iif lo notrack iif lo notrack accept
tcp dport {22, 80, 443} notrack tcp dport {22, 80, 443} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain output-raw { chain output-raw {
type filter hook output priority raw type filter hook output priority raw
oif lo notrack oif lo notrack accept
tcp sport {22, 80, 443} notrack tcp sport {22, 80, 443} notrack accept
meta l4proto {icmp, ipv6-icmp} notrack meta l4proto {icmp, ipv6-icmp} notrack accept
} }
chain input { chain input {