pmaports/main/postmarketos-config-nftables/rules/51_hotspot.nft

#!/usr/sbin/nft -f

table inet filter {
	chain input {

		# allow DNS from wlan*
		iifname "wlan*" tcp dport 53 accept comment "Accept DNS over TCP on wlan*"
		iifname "wlan*" udp dport 53 accept comment "Accept DNS over UDP on wlan*"

	}
}
postmarketos-config-nftables: allow DNS from wlan* (MR 2448) This fixes DNS when a system is connected to a pmOS device as a hotspot. The rule is in the default set of firewall rules, instead of a subpackage.. I think this is OK. I don't believe anything should be listening on port 53 except when the hotspot is running... 2021-08-18 00:06:56 +00:00			`#!/usr/sbin/nft -f`

			`table inet filter {`
			`chain input {`

			`# allow DNS from wlan*`
			`iifname "wlan" tcp dport 53 accept comment "Accept DNS over TCP on wlan"`
			`iifname "wlan" udp dport 53 accept comment "Accept DNS over UDP on wlan"`

			`}`
			`}`