Maurice/alpine-server-setup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix rootfull podman containers

Browse Source
This commit is contained in:
Maurice
2025-09-30 20:38:03 +02:00
parent 313284fafd
commit ece655263e
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
services/firewall/rules.nft
View File

@@ -53,7 +53,7 @@ table inet firewall {
type filter hook input priority 0; policy drop; type filter hook input priority 0; policy drop;
ct state invalid drop # early drop of invalid packets ct state invalid drop # early drop of invalid packets
ct state { established, related } accept # allow established/related connections ct state { established, related } accept # allow established/related connections
iif lo accept # allow traffic from loopback interface iif lo accept # allow traffic from loopback interface
@@ -97,6 +97,9 @@ table inet firewall {
iifname $vpn ip daddr $lan_net drop # Block all other VPN clients from accessing the LAN network iifname $vpn ip daddr $lan_net drop # Block all other VPN clients from accessing the LAN network
iifname $vpn oifname $wan accept # Allow VPN traffic to access WAN iifname $vpn oifname $wan accept # Allow VPN traffic to access WAN
iifname "podman*" accept # allow traffic from podman interfaces (podman0, podman1, ...)
oifname "podman*" accept # allow traffic to podman interfaces (podman0, podman1, ...)
} }
chain outgoing { chain outgoing {