Updated efg.pm.f30 (added a missing nft rule).

author Zoltán Felleg <zoltan.felleg@userrendszerhaz.hu>

Mon, 5 Aug 2019 08:25:54 +0000 (10:25 +0200)

committer Zoltán Felleg <zoltan.felleg@userrendszerhaz.hu>

Mon, 5 Aug 2019 08:25:54 +0000 (10:25 +0200)
author Zoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Mon, 5 Aug 2019 08:25:54 +0000 (10:25 +0200)
committer Zoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Mon, 5 Aug 2019 08:25:54 +0000 (10:25 +0200)
diff --git a/sources/efg.pm.f30/firstboot/nftables.config b/sources/efg.pm.f30/firstboot/nftables.config

index 0043e6b5e56302c9eba5a3e47f9bdf4517407fa6..59b6b17fdaef64165953c763580df63062b11d5c 100644 (file)
--- a/sources/efg.pm.f30/firstboot/nftables.config
+++ b/sources/efg.pm.f30/firstboot/nftables.config
@@ -200,6 +200,13 @@ add rule inet efg_filter forward \
      oifname $PERIMETER_IF ip daddr $WS_PERIMETER_IP tcp dport $WS_PORTS \
      counter accept comment "Incoming http(s) requests"
  
+add rule inet efg_filter forward \
+    ct state established \
+    ip protocol tcp \
+    iifname $PERIMETER_IF ip saddr $WS_PERIMETER_IP tcp sport WS_PORTS \
+    oifname $EXTERNAL_IF tcp dport 1024-65535 \
+    counter accept comment "Outgoing http(s) replies"
+
  add rule inet efg_filter forward \
      ip protocol udp \
      iifname $EXTERNAL_IF udp sport 1024-65535 \
author	Zoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
	Mon, 5 Aug 2019 08:25:54 +0000 (10:25 +0200)
committer	Zoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
	Mon, 5 Aug 2019 08:25:54 +0000 (10:25 +0200)