From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ammarfaizi2@gnuweeb.org>
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on gnuweeb.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF autolearn=ham
	autolearn_force=no version=3.4.6
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gnuweeb.org;
	s=default; t=1688420873;
	bh=EH6Dzecfw7wT0A6f4BuPS01DJPGEgxtoE3vgHLi2r7c=;
	h=Date:From:To:Cc:Subject;
	b=Ada0CqVD5Q3lr0xj07xdMFLUuVaPqiAIEg3y2+j2yjEHhOTsIcO2JZjiVHELPRTMm
	 YBJVOntpwdwjWud/ARWO8FPmQ70/jqzjfShJq4JxcBn2vQZrOgbBb1vQ1em0pa66lH
	 NkAZfP8sbDC7DjTSRUgcsCuAP04rmXdP7mUB9WrDloyUBHbphXI9csfA2+ICorxoLP
	 jkjshh9Cs1cP4OxRbs+zRVC+kQTG0x4gp7KkIjYOhPI3bPmGGU2/H9YnBVeUc+ab/N
	 VvYeoX7OkPwv1afJ8gH1sG93soBwPDFqLKNOBUF6dLyLbAZrBUM7qDp2AvR6SCsVdR
	 uQ/LDlK5+Lcwg==
Received: from biznet-home.integral.gnuweeb.org (unknown [68.183.184.174])
	by gnuweeb.org (Postfix) with ESMTPSA id 1446D23EB0C;
	Tue,  4 Jul 2023 04:47:51 +0700 (WIB)
Date: Tue, 4 Jul 2023 04:47:48 +0700
From: Ammar Faizi <ammarfaizi2@gnuweeb.org>
To: Alviro Iskandar Setiawan <alviro.iskandar@gnuweeb.org>
Cc: Michael William Jonathan <moe@gnuweeb.org>,
	GNU/Weeb Mailing List <gwml@vger.gnuweeb.org>
Subject: [PATCH server-haj002] init_net: Allow incoming traffic from the
 master namespace
Message-ID: <ZKNCBLWNtW0aVux1@biznet-home.integral.gnuweeb.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Bpl: hUx9VaHkTWcLO7S8CQCslj6OzqBx2hfLChRz45nPESx5VSB/xuJQVOKOB1zSXE3yc9ntP27bV1M1
List-Id: <gwml.vger.gnuweeb.org>

When spawning a shell in the master namespace, I can't perform DNS
requests because the systemd-resolved lives in the default namespace.
This requires the DNS resolver in /etc/resolv.conf to be changed to
10.3.3.2, then the default namespace has to allow DNS query traffics
from 10.3.3.1.

Let's just completely allow internal source network within CIDR source
address 10.3.3.0/24.

Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
---

index 2c26319..404e79b 100755
--- a/init_net.sh
+++ b/init_net.sh
@@ -54,6 +54,7 @@ iptables -t filter -X;
 iptables -t filter -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT;
 iptables -t filter -A INPUT -p tcp -m multiport --dports 80,443,48588 -j ACCEPT;
 iptables -t filter -A INPUT -p icmp -j ACCEPT;
+iptables -t filter -A INPUT -s 10.3.3.0/24 -j ACCEPT;
 iptables -t filter -A INPUT -i lo -j ACCEPT;
 iptables -t filter -P INPUT DROP;
 
-- 
Ammar Faizi