Commit graph

7 commits

Author SHA1 Message Date
wonderfulShrineMaidenOfParadise
6e1dd3f820
main/postmarketos-config-nftables: subpackage vncserver (MR 2479)
Co-authored-by: clayton craft <clayton@craftyguy.net>
2021-09-01 11:28:33 +03:00
Clayton Craft
c1a6a6511b
postmarketos-config-nftables: allow DNS from wlan* (MR 2448)
This fixes DNS when a system is connected to a pmOS device as a hotspot.

The rule is in the default set of firewall rules, instead of a
subpackage.. I think this is OK. I don't believe anything should be
listening on port 53 except when the hotspot is running...
2021-08-21 20:33:52 +02:00
Martijn Braam
a52e82b3ee
main/postmarketos-config-nftables: fix hotspot with networkmanager (MR 2408)
The networkmanager hotspot needs to have DHCP input enabled on the wifi
interfaces so the temporary dnsmasq instance can work. The
networkmanager backend is also switched to the nftables one so it can
create the ad-hoc hotspot forwarding/masquerade table.
2021-08-07 16:54:59 +02:00
Clayton Craft
931ae03648
config-nftables: add rules for allowing usb inet access (MR 2274)
This rule is installed by default, since users that need usb inet won't
have an easy way to install a subpackage.

This is meant to facilitate:
https://wiki.postmarketos.org/wiki/USB_Internet
2021-06-25 23:00:11 -07:00
Clayton Craft
2a1b69db00
config-nftables-anbox: fix rule to allow matching on future iface (2274) (MR 2274)
The old rule would result in nftables failing to load if the iface
doesn't exist. Using `iifname` will match on any future ifaces if they
don't exist when the firewall starts.
2021-06-25 23:00:10 -07:00
samuel norbury
3960ad0c51
postmarketos-config-nftables: Add nftables rules for anbox (MR 2271)
Anbox needs a specific set of nftables rules to allow incoming and
outgoing traffic. Anbox makes it easy to allow the specific traffic due
to the established `anbox0` bridge network interface.
2021-06-23 21:18:28 +02:00
Clayton Craft
a772f7a5d4
postmarketos-config-nftables: add package for configuring nftables fw (MR 2060)
Installs nftables config useful for pmOS:

1) drop all connections to wwan* (wildcard matching supported, are there
   any other wwan iface names that wouldn't match this?)

2) allow ssh, drop from wwan (kinda redundant w/ the first rule, but
   doesn't hurt..), allow DHCP on usb*

3) allow all incoming connections on usb* (with the -openusb subpackage)

4) enable logging all nftable events (with the -log subpackage), very
   useful for debugging

fixes #1024
2021-06-14 13:29:34 -07:00