GNU/Weeb Mailing List <[email protected]>
* [PATCH server-haj002] init_net: Allow incoming traffic from the master namespace
@ 2023-07-03 21:47 Ammar Faizi
  2023-07-03 21:59 ` Alviro Iskandar Setiawan
  0 siblings, 1 reply; 2+ messages in thread
From: Ammar Faizi @ 2023-07-03 21:47 UTC
  To: Alviro Iskandar Setiawan; +Cc: Michael William Jonathan, GNU/Weeb Mailing List

When spawning a shell in the master namespace, I can't perform DNS
requests because the systemd-resolved lives in the default namespace.
This requires the DNS resolver in /etc/resolv.conf to be changed to
10.3.3.2, then the default namespace has to allow DNS query traffic
from 10.3.3.1.

Let's just completely allow internal source network within CIDR source
address 10.3.3.0/24.

Signed-off-by: Ammar Faizi <[email protected]>
---

index 2c26319..404e79b 100755
--- a/init_net.sh
+++ b/init_net.sh
@@ -54,6 +54,7 @@ iptables -t filter -X;
 iptables -t filter -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT;
 iptables -t filter -A INPUT -p tcp -m multiport --dports 80,443,48588 -j ACCEPT;
 iptables -t filter -A INPUT -p icmp -j ACCEPT;
+iptables -t filter -A INPUT -s 10.3.3.0/24 -j ACCEPT;
 iptables -t filter -A INPUT -i lo -j ACCEPT;
 iptables -t filter -P INPUT DROP;
 
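Review bot: the added `-s 10.3.3.0/24 -j ACCEPT` rule matches on source address alone, with no `-i` interface match and no protocol or port match, so it accepts all traffic from any packet carrying a 10.3.3.x source address, whichever interface it arrives on. The commit message only needs DNS queries from 10.3.3.1 to reach the resolver in the default namespace, so the rule could be bound to that need, for example `-i <iface> -s 10.3.3.1 -p udp --dport 53 -j ACCEPT` plus the same rule for tcp, where `<iface>` is a placeholder for the namespace-facing interface, whose name is not visible in this hunk. If the whole /24 is kept on purpose, at least add the `-i` match and a one-line comment above the rule saying that 10.3.3.0/24 is the internal namespace network, so the next reader of init_net.sh knows why it bypasses the port allow-list on the `--dports 80,443,48588` line.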
-- 
Ammar Faizi



* Re: [PATCH server-haj002] init_net: Allow incoming traffic from the master namespace
  2023-07-03 21:47 [PATCH server-haj002] init_net: Allow incoming traffic from the master namespace Ammar Faizi
@ 2023-07-03 21:59 ` Alviro Iskandar Setiawan
  0 siblings, 0 replies; 2+ messages in thread
From: Alviro Iskandar Setiawan @ 2023-07-03 21:59 UTC
  To: Ammar Faizi; +Cc: Michael William Jonathan, GNU/Weeb Mailing List

On Tue, Jul 4, 2023 at 4:47 AM Ammar Faizi wrote:
> When spawning a shell in the master namespace, I can't perform DNS
> requests because the systemd-resolved lives in the default namespace.
> This requires the DNS resolver in /etc/resolv.conf to be changed to
> 10.3.3.2, then the default namespace has to allow DNS query traffic
> from 10.3.3.1.
>
> Let's just completely allow internal source network within CIDR source
> address 10.3.3.0/24.
>
> Signed-off-by: Ammar Faizi <[email protected]>

applied, tq

-- Viro
