pmaports/main/postmarketos-config-nftables/rules/51_hotspot.nft
Clayton Craft c1a6a6511b
postmarketos-config-nftables: allow DNS from wlan* (MR 2448)
This fixes DNS when a system is connected to a pmOS device as a hotspot.

The rule is in the default set of firewall rules, instead of a
subpackage.. I think this is OK. I don't believe anything should be
listening on port 53 except when the hotspot is running...
2021-08-21 20:33:52 +02:00

11 lines
241 B
Text

#!/usr/sbin/nft -f
table inet filter {
	chain input {
		# allow DNS from wlan*
		iifname "wlan*" tcp dport 53 accept comment "Accept DNS over TCP on wlan*"
		iifname "wlan*" udp dport 53 accept comment "Accept DNS over UDP on wlan*"
	}
}
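
The commit message rests on the assumption that nothing listens on port 53 unless the hotspot is running, and that can be checked on a device. The script below is an added example, not part of pmaports; it assumes the output format of iproute2's `ss -H -lntu`, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of pmaports. Lists sockets listening on port 53
# that are not bound to loopback, i.e. what the wlan* accept rules expose.
# Assumption: input is in the format printed by iproute2 `ss -H -lntu`.

# Reads ss output on stdin; prints "proto address" per non-loopback :53 listener.
port53_listeners() {
    awk '
    {
        local_ep = $5                     # e.g. 192.168.42.1:53 or [::]:53
        n = match(local_ep, /:[^:]*$/)    # position of the last colon
        if (n == 0) next
        addr = substr(local_ep, 1, n - 1)
        port = substr(local_ep, n + 1)
        if (port != "53") next            # skips 5353 and everything else
        sub(/%.*$/, "", addr)             # drop a %iface scope suffix
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback-only listener
        print $1, addr
    }'
}

# Constructed sample of `ss -H -lntu` output (not captured from a real device).
sample_ss_output() {
    cat <<'EOF'
udp   UNCONN 0      0        127.0.0.53%lo:53        0.0.0.0:*
udp   UNCONN 0      0              0.0.0.0:53        0.0.0.0:*
tcp   LISTEN 0      32        192.168.42.1:53        0.0.0.0:*
tcp   LISTEN 0      128            0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128              [::1]:53           [::]:*
udp   UNCONN 0      0                 [::]:5353         [::]:*
EOF
}

# Reads ss output on stdin; exit status 0 when no non-loopback socket
# listens on port 53, 1 otherwise.
check_port53_closed() {
    [ -z "$(port53_listeners)" ]
}

# On a device with the hotspot stopped:
#   ss -H -lntu | check_port53_closed || ss -H -lntu | port53_listeners
```

Run with the hotspot stopped, any line printed by `port53_listeners` is a DNS listener that the two `wlan*` rules make reachable from whatever network the wlan interface has joined.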