Daniel Micay
14e9cd5b76
use standard style for nftables sets
2024-03-24 16:23:54 -04:00
Daniel Micay
7b64ffd4cd
simplify nftables based on strong host model
2024-03-24 15:22:00 -04:00
Daniel Micay
59984a477c
enforce strong host model via nftables
2024-03-24 14:36:24 -04:00
Daniel Micay
ec2cbbdb4e
enforce strict reverse path filtering via nftables
2024-03-23 13:35:49 -04:00
Daniel Micay
cea56c8acd
fix matrix.grapheneos.org loopback nftables rules
2022-12-25 19:03:41 -05:00
Daniel Micay
07dca7919d
reorder network allowlists for consistency
2022-08-10 11:13:31 -04:00
Daniel Micay
6081f9fa73
allow synapse to connect to nginx via loopback
...
For an unknown reason, synapse occasionally tries to connect to
matrix.grapheneos.org which ends up being routed via the loopback
interface. For now, allow this to avoid rejected packets.
2022-07-26 19:30:33 -04:00
Daniel Micay
984d0f200f
nftables: implement loopback access control
2022-07-25 20:47:29 -04:00
Daniel Micay
ad6e998ec2
nftables: filter input service traffic by dst addr
2022-07-21 19:32:43 -04:00
Daniel Micay
fdf21af1ae
nftables: use notrack accept instead of notrack
2022-07-21 17:31:16 -04:00
Daniel Micay
f7da683012
nftables: simplify ICMP handling
2022-07-18 22:14:35 -04:00
Daniel Micay
32074453eb
nftables: use numeric port format
2022-06-30 07:02:34 -04:00
Daniel Micay
01f9274fc4
nftables: implement output filtering for loopback
2022-06-30 06:41:52 -04:00
Daniel Micay
e0ab41c4f4
nftables: friendlier output traffic filtering
2022-06-29 21:27:01 -04:00
Daniel Micay
3ca0c347c6
add baseline nftables configurations
2022-06-29 10:53:07 -04:00