Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Change osbuildapi set table to the ip filter table.

Browse source 
Signed-off-by: James Antill <james@and.org>
This commit is contained in:
James Antill 2025-03-03 17:08:20 -05:00
parent 224d98cbb0
commit ca18224faa
2 changed files with 4 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

3
roles/base/templates/nftables/nftables.kojibuilder
View file

@ -32,8 +32,7 @@ add rule ip filter INPUT ip saddr {{ ip }} counter drop
#!# WARNING: This is very different...
# -A OUTPUT -p tcp --dport 443 -m set --match-set osbuildapi dst -j ACCEPT
add table inet global
add set inet global osbuildapi { type ipv4_addr ; size 65536; }
add set ip filter osbuildapi { type ipv4_addr ; size 65536; }
add rule ip filter OUTPUT tcp dport 443 ip daddr @osbuildapi accept