forge/pmaports
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions
pmaports/main/postmarketos-config-nftables/rules/51_anbox.nft

12 lines
356 B
Text
Raw Normal View History

postmarketos-config-nftables: Add nftables rules for anbox (MR 2271) Anbox needs a specific set of nftables rules to allow incoming and outgoing traffic. Anbox makes it easy to allow the specific traffic due to the established `anbox0` bridge network interface.
2021-06-23 17:40:46 +00:00
#!/usr/sbin/nft -f
table inet filter {
chain input {
config-nftables-anbox: fix rule to allow matching on future iface (2274) (MR 2274) The old rule would result in nftables failing to load if the iface doesn't exist. Using `iifname` will match on any future ifaces if they don't exist when the firewall starts.
2021-06-24 23:04:05 +00:00
iifname "anbox*" accept comment "Allow incoming network traffic from Anbox"
postmarketos-config-nftables: Add nftables rules for anbox (MR 2271) Anbox needs a specific set of nftables rules to allow incoming and outgoing traffic. Anbox makes it easy to allow the specific traffic due to the established `anbox0` bridge network interface.
2021-06-23 17:40:46 +00:00
}
chain forward {
config-nftables-anbox: fix rule to allow matching on future iface (2274) (MR 2274) The old rule would result in nftables failing to load if the iface doesn't exist. Using `iifname` will match on any future ifaces if they don't exist when the firewall starts.
2021-06-24 23:04:05 +00:00
iifname "anbox*" accept comment "Allow outgoing network traffic from Anbox"
postmarketos-config-nftables: Add nftables rules for anbox (MR 2271) Anbox needs a specific set of nftables rules to allow incoming and outgoing traffic. Anbox makes it easy to allow the specific traffic due to the established `anbox0` bridge network interface.
2021-06-23 17:40:46 +00:00
ct state {established, related} counter accept comment "accept established connections"
}
}
Reference in a new issue Copy permalink