Allow outgoing OpenPGP HTTP requests.

2017-08-11 13:46:50 +02:00 · 2017-08-11 13:46:50 +02:00 · 93e4a2e939
parent b831267b8e
commit 93e4a2e939
3 changed files with 4 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -10,6 +10,7 @@
 * Use more sets and vars definitions for input/output to avoid multiple rules.
 * Allow outgoing icmp.
 * Remove DHCP incoming packets. The connection is started by the host, don't need incoming rule.
+* Allow outgoing OpenPGP HTTP requests.

 ## v1.0

--- a/README.md
+++ b/README.md
@ -116,7 +116,7 @@ nft_define_default:
    value: 'none'
  output tcp accepted:
    name: output_tcp_accept
-    value: '{ http, https }'
+    value: '{ http, https, hkp }'
  output udp accepted:
    name: output_udp_accept
    value: '{ bootps, domain, ntp }'
@ -177,7 +177,7 @@ table inet firewall {
 	set output_tcp_accept {
 		type inet_service
 		flags interval
-		elements = { http, https}
+		elements = { http, https, hkp}
 	}

 	set output_udp_accept {
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -71,7 +71,7 @@ nft_define_default:
    value: 'none'
  output tcp accepted:
    name: output_tcp_accept
-    value: '{ http, https }'
+    value: '{ http, https, hkp }'
  output udp accepted:
    name: output_udp_accept
    value: '{ bootps, domain, ntp }'