Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2024-06-29 07:42:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
367 Commits 1 Branch 0 Tags 1.7 MiB
16ef317460
Commit Graph

16 Commits

Author SHA1 Message Date
Daniel Micay
16ef317460 nftables: rename output-reject to graceful-reject 2024-03-27 12:31:09 -04:00
Daniel Micay
14e9cd5b76 use standard style for nftables sets 2024-03-24 16:23:54 -04:00
Daniel Micay
7b64ffd4cd simplify nftables based on strong host model 2024-03-24 15:22:00 -04:00
Daniel Micay
59984a477c enforce strong host model via nftables 2024-03-24 14:36:24 -04:00
Daniel Micay
ec2cbbdb4e enforce strict reverse path filtering via nftables 2024-03-23 13:35:49 -04:00
Daniel Micay
cea56c8acd fix matrix.grapheneos.org loopback nftables rules 2022-12-25 19:03:41 -05:00
Daniel Micay
07dca7919d reorder network allowlists for consistency 2022-08-10 11:13:31 -04:00
Daniel Micay
6081f9fa73 allow synapse to connect to nginx via loopback 
For an unknown reason, synapse occasionally tries to connect to
matrix.grapheneos.org which ends up being routed via the loopback
interface. For now, allow this to avoid rejected packets.
 2022-07-26 19:30:33 -04:00
Daniel Micay
984d0f200f nftables: implement loopback access control 2022-07-25 20:47:29 -04:00
Daniel Micay
ad6e998ec2 nftables: filter input service traffic by dst addr 2022-07-21 19:32:43 -04:00
Daniel Micay
fdf21af1ae nftables: use notrack accept instead of notrack 2022-07-21 17:31:16 -04:00
Daniel Micay
f7da683012 nftables: simplify ICMP handling 2022-07-18 22:14:35 -04:00
Daniel Micay
32074453eb nftables: use numeric port format 2022-06-30 07:02:34 -04:00
Daniel Micay
01f9274fc4 nftables: implement output filtering for loopback 2022-06-30 06:41:52 -04:00
Daniel Micay
e0ab41c4f4 nftables: friendlier output traffic filtering 2022-06-29 21:27:01 -04:00
Daniel Micay
3ca0c347c6 add baseline nftables configurations 2022-06-29 10:53:07 -04:00