sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

accept podman traffic

Browse Source
This commit is contained in:
soraefir
2026-05-08 01:49:31 +02:00
parent cb29056296
commit fe93cb708e
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
modules/server/nftables/default.nix
View File

@@ -20,6 +20,7 @@ in{
type filter hook input priority filter; policy drop; type filter hook input priority filter; policy drop;
ct state established,related accept ct state established,related accept
iifname "lo" accept iifname "lo" accept
iifname { "podman*", "veth*" } accept
tcp dport {422, 22} accept tcp dport {422, 22} accept
${if builtins.length DBallApps > 0 then ''tcp dport {5432, 6379} ip saddr { 10.0.0.0/8, 169.254.0.0/16 } accept'' else ""} ${if builtins.length DBallApps > 0 then ''tcp dport {5432, 6379} ip saddr { 10.0.0.0/8, 169.254.0.0/16 } accept'' else ""}
${if cfg.web then ''tcp dport {80, 443} accept ${if cfg.web then ''tcp dport {80, 443} accept