authorXiao Pan <xyz@flylightning.xyz>2025-07-14 16:06:44 +0800
committerXiao Pan <xyz@flylightning.xyz>2025-07-14 16:06:44 +0800
commit2a93b6783e880f5c14e82eba8ba006126b384930 (patch)
treefb7967f9a660807bc1a1df36de98745d8af89e0d
parent032bc7b3daf88836ecd903cb6c2550046c661015 (diff)
nft only allow monerod-p2p port to wg_* network interfaces
Note: I think this will not prevent monerod from downloading things from the public internet without the WireGuard tunnel. But a little more restriction is still better; maybe uploads will be limited a little to the wg_* network interfaces.
-rw-r--r--etc/nftables.conf2
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/nftables.conf b/etc/nftables.conf
index 480298a3..1ec682d9 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -27,7 +27,7 @@ table inet my_table {
udp dport mdns accept
tcp dport qbt accept
udp dport qbt accept
- tcp dport monerod-p2p accept
+ iifname wg_* tcp dport monerod-p2p accept
#tcp dport iperf3 accept
#udp dport wireguard accept
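Review bot: The new `iifname wg_*` match on the monerod-p2p rule is a prefix comparison on the interface name, so it admits every interface whose name starts with `wg_`, not only the tunnel this port is meant for. If the host has more than one wg_ tunnel (not visible here), naming the intended interface would be tighter, e.g. `iifname "wg_NAME" tcp dport monerod-p2p accept` with the real interface name in place of the placeholder. Quoting the pattern as `"wg_*"` also keeps the rule intact if it is ever pasted into a shell `nft` command. A comment above the rule such as `# monerod p2p: inbound accepted only on wg_* interfaces (name-prefix match)` would record the intent. The chain continues outside the hunk, so its policy and any other accept rule that could still match this port cannot be checked from here.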