Commit graph

2 commits

Author SHA1 Message Date
Raymond Hackley
db00e85baf
main/postmarketos-config-nftables: 50_*.nft: drop unused wwan rules (MR 3594)
There is "iifname "wwan*" drop" defined in 01_wwan.nft, which drops
any not "established, related" incoming packet from WWAN.

[ci:skip-build]: already built successfully in CI
2022-11-03 07:48:33 +01:00
Clayton Craft
a772f7a5d4
postmarketos-config-nftables: add package for configuring nftables fw (MR 2060)
Installs nftables config useful for pmOS::

1) drop all connections to wwan* (wildcard matching supported, are there
   any other wwan iface names that wouldn't match this?)

2) allow ssh, drop from wwan (kinda redundant w/ the first rule, but
   doesn't hurt..), allow DHCP on usb*

3) allow all incoming connections on usb* (with the -openusb subpackage)

4) enable logging all nftable events (with the -log subpackage), very
   useful for debugging

fixes #1024
2021-06-14 13:29:34 -07:00