pmaports/main/postmarketos-config-nftables/rules/50_ssh.nft

#!/usr/sbin/nft -f

table inet filter {
	chain input {

		# drop ssh from wwan
		iifname "wwan*" tcp dport 22 drop comment "drop SSH from wwan"

		# allow ssh
		tcp dport 22 accept comment "accept SSH"

	}
}
postmarketos-config-nftables: add package for configuring nftables fw (MR 2060) Installs nftables config useful for pmOS:: 1) drop all connections to wwan* (wildcard matching supported, are there any other wwan iface names that wouldn't match this?) 2) allow ssh, drop from wwan (kinda redundant w/ the first rule, but doesn't hurt..), allow DHCP on usb* 3) allow all incoming connections on usb* (with the -openusb subpackage) 4) enable logging all nftable events (with the -log subpackage), very useful for debugging fixes #1024 2021-03-26 02:59:23 +00:00			`#!/usr/sbin/nft -f`

			`table inet filter {`
			`chain input {`

			`# drop ssh from wwan`
			`iifname "wwan*" tcp dport 22 drop comment "drop SSH from wwan"`

			`# allow ssh`
			`tcp dport 22 accept comment "accept SSH"`

			`}`
			`}`