82f9e5ac97
Packets for local host IP ranges should be coming only over lo. If that is not the case, we should drop them. Use iif for the check instead of iifname, lo is guaranteed to exists, and iif is faster. * gnu/services/networking.scm (%default-nftables-ruleset): Tighten the rules. Signed-off-by: Ludovic Courtès <ludo@gnu.org> |
||
---|---|---|
.. | ||
admin.scm | ||
audio.scm | ||
auditd.scm | ||
authentication.scm | ||
avahi.scm | ||
base.scm | ||
certbot.scm | ||
cgit.scm | ||
ci.scm | ||
configuration.scm | ||
cuirass.scm | ||
cups.scm | ||
databases.scm | ||
dbus.scm | ||
desktop.scm | ||
dict.scm | ||
dns.scm | ||
docker.scm | ||
file-sharing.scm | ||
games.scm | ||
ganeti.scm | ||
getmail.scm | ||
guix.scm | ||
herd.scm | ||
hurd.scm | ||
kerberos.scm | ||
ldap.scm | ||
lightdm.scm | ||
linux.scm | ||
lirc.scm | ||
mail.scm | ||
mcron.scm | ||
messaging.scm | ||
monitoring.scm | ||
networking.scm | ||
nfs.scm | ||
nix.scm | ||
pam-mount.scm | ||
pm.scm | ||
rsync.scm | ||
samba.scm | ||
science.scm | ||
sddm.scm | ||
security-token.scm | ||
security.scm | ||
shepherd.scm | ||
sound.scm | ||
spice.scm | ||
ssh.scm | ||
syncthing.scm | ||
sysctl.scm | ||
telephony.scm | ||
version-control.scm | ||
virtualization.scm | ||
vnc.scm | ||
vpn.scm | ||
web.scm | ||
xorg.scm |