Allow outgoing OpenPGP HTTP requests.

This commit is contained in:
Jeremy Gardais 2017-08-11 13:46:50 +02:00
parent b831267b8e
commit 93e4a2e939
3 changed files with 4 additions and 3 deletions

View File

@ -10,6 +10,7 @@
* Use more sets and vars definitions for input/output to avoid multiple rules.
* Allow outgoing icmp.
* Remove DHCP incoming packets. The connection is started by the host, don't need incoming rule.
* Allow outgoing OpenPGP HTTP requests.
## v1.0

View File

@ -116,7 +116,7 @@ nft_define_default:
value: 'none'
output tcp accepted:
name: output_tcp_accept
value: '{ http, https }'
value: '{ http, https, hkp }'
output udp accepted:
name: output_udp_accept
value: '{ bootps, domain, ntp }'
@ -177,7 +177,7 @@ table inet firewall {
set output_tcp_accept {
type inet_service
flags interval
elements = { http, https}
elements = { http, https, hkp}
}
set output_udp_accept {

View File

@ -71,7 +71,7 @@ nft_define_default:
value: 'none'
output tcp accepted:
name: output_tcp_accept
value: '{ http, https }'
value: '{ http, https, hkp }'
output udp accepted:
name: output_udp_accept
value: '{ bootps, domain, ntp }'