sonny/debian-setup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DNS related changes

Browse source 
- Added hostname provisioning
- Added nsswitch.conf provisioning
- Added systemd-resolved provisioning
This commit is contained in:
sonny 2025-03-06 02:49:11 +01:00
parent 98afd559fc
commit 8d8ae8f892
18 changed files with 120 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

8
templates/nftables.j2
View file

@ -27,6 +27,10 @@ table ip filter {
iifname "{{ network_interface }}" udp dport {{ vpn_port }} accept comment "Wireguard"
iifname "{{ network_interface }}" udp dport {{ vpn_media_port }} accept comment "Wireguard media"
# TODO: create combined rule
iifname "{{ vpn_interface }}" tcp dport 53 ip saddr {{ vpn_source_range }} ip daddr {{ vpn_destination_range }} accept comment "DNS TCP"
iifname "{{ vpn_interface }}" udp dport 53 ip saddr {{ vpn_source_range }} ip daddr {{ vpn_destination_range }} accept comment "DNS UDP"
iifname "{{ vpn_interface }}" tcp dport { {{ http_port }}, {{ https_port }} } ip saddr {{ vpn_source_range }} ip daddr {{ vpn_destination_range }} accept comment "HTTP/HTTPS"
iifname "{{ vpn_interface }}" tcp dport {{ transmission_web_port }} ip saddr {{ vpn_source_range }} ip daddr {{ vpn_destination_range }} accept comment "Transmission Web"
iifname "{{ vpn_interface }}" tcp dport { {{ syncthing_gui_port }}, {{ syncthing_protocol_port }} } ip saddr {{ vpn_source_range }} ip daddr {{ vpn_destination_range }} accept comment "Syncthing"
@ -35,6 +39,10 @@ table ip filter {
iifname "{{ vpn_interface }}" tcp dport {{ mpd_http_stream_port }} ip saddr {{ vpn_source_range }} ip daddr {{ vpn_destination_range }} accept comment "MPD HTTP stream"
iifname "{{ vpn_interface }}" tcp dport {{ mpd_http_mobile_stream_port }} ip saddr {{ vpn_source_range }} ip daddr {{ vpn_destination_range }} accept comment "MPD HTTP mobile stream"
# TODO: create combined rule
iifname "{{ vpn_media_interface }}" tcp dport 53 ip saddr {{ vpn_media_source_range }} ip daddr {{ vpn_media_destination_range }} accept comment "DNS TCP"
iifname "{{ vpn_media_interface }}" udp dport 53 ip saddr {{ vpn_media_source_range }} ip daddr {{ vpn_media_destination_range }} accept comment "DNS UDP"
iifname "{{ vpn_media_interface }}" tcp dport {{ jellyfin_http_port }} ip saddr {{ vpn_media_source_range }} ip daddr {{ vpn_media_destination_range }} accept comment "Jellyfin HTTP"
iifname "{{ vpn_media_interface }}" tcp dport {{ jellyfin_service_port }} ip saddr {{ vpn_media_source_range }} ip daddr {{ vpn_media_destination_range }} accept comment "Jellyfin service discovery"
iifname "{{ vpn_media_interface }}" tcp dport {{ jellyfin_client_port }} ip saddr {{ vpn_media_source_range }} ip daddr {{ vpn_media_destination_range }} accept comment "Jellyfin client discovery"