Commit Graph

4 Commits

Author SHA1 Message Date
Daniel Micay
398acc6fe8 nftables: drop instead of reject for unused ports
This provides consistency with DDoS protection services placed in front
of the services rather than the behavior changing based on whether DDoS
protection is active. This doesn't help with protecting against attacks
since they'll almost always be targeting ports with services active or
exhausting inbound bandwidth via UDP reflection attacks. This appears to
be the standard approach used by most large tech companies.
2024-04-19 13:54:12 -04:00
Daniel Micay
741ea728ea nftables: move output skuid checks to raw phase
This is a minor simplification and also a minor optimization.
2024-04-17 15:28:16 -04:00
Daniel Micay
dade50c832 nftables: drop unnecessary ssh localhost allowlist
2024-04-15 22:38:36 -04:00
Daniel Micay
bd6f127acf move nftables configuration to a directory
2024-04-12 21:33:35 -04:00