authorxyz <gky44px1999@gmail.com>2022-01-30 21:43:42 -0800
committerxyz <gky44px1999@gmail.com>2022-01-30 21:45:57 -0800
commit7ff48bb4ecd069b9e1e6d5afeb60dcb38435e474 (patch)
treea8d5fc38a3e06bb4d3ded39c73843ead78f3403c
parent89c00d833a250506afb5eeb26cf03b72b3c124d6 (diff)
nftables.conf, allow qrcp, drop ssh and searx, based on services and config files
-rw-r--r--etc/nftables.conf8
-rw-r--r--etc/services3
-rw-r--r--etc/uwsgi/searx.ini2
-rw-r--r--home/xyz/.config/qrcp/config.json11
4 files changed, 22 insertions, 2 deletions
diff --git a/etc/nftables.conf b/etc/nftables.conf
index aa2b53f1..b1d638b6 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -5,6 +5,7 @@
# some codes from https://wiki.archlinux.org/title/Nftables
+# needed for reload config using `sudo systemctl restart nftables` or `sudo nft -f /etc/nftables.conf`
table inet my_table
delete table inet my_table
@@ -19,7 +20,12 @@ table inet my_table {
iifname lo accept comment "allow from loopback"
ip protocol icmp accept comment "allow icmp"
meta l4proto ipv6-icmp accept comment "allow icmp v6"
- tcp dport ssh accept comment "allow sshd"
+
+ #tcp dport ssh accept comment "allow sshd"
+ #tcp dport searx accept comment "allow searx"
+ tcp dport qrcp accept comment "allow qrcp"
+ udp dport mdns accept comment "allow mdns"
+
pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
counter comment "count any other traffic"
}
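Review bot: The new `tcp dport qrcp accept` and `udp dport mdns accept` rules match on every interface, while the qrcp config added in this same commit binds only to `wlp6s0`. Scoping the rule to that interface keeps the port closed if the host later gains another link (VPN, ethernet, tether): `iifname "wlp6s0" tcp dport qrcp accept comment "allow qrcp"`. The mDNS rule can likewise be narrowed to the multicast groups, e.g. `ip daddr 224.0.0.251 udp dport mdns accept` and `ip6 daddr ff02::fb udp dport mdns accept`. The enclosing chain starts above this hunk, so its policy and hook are not visible here.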
diff --git a/etc/services b/etc/services
index 7c50cb8d..3526490c 100644
--- a/etc/services
+++ b/etc/services
@@ -11457,3 +11457,6 @@ matahari 49000/tcp
nusrp 49001/tcp
nusdp-disc 49001/udp
inspider 49150/tcp
+# my services
+searx 49152/tcp
+qrcp 49153/tcp
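Review bot: The `searx` and `qrcp` names added here are what `etc/nftables.conf` uses in `tcp dport qrcp`, so the firewall ruleset now depends on local edits to a file that is normally shipped by a distribution package. If an update replaces `/etc/services`, the name no longer resolves and loading the ruleset would presumably fail, which at boot can leave the host with no filter rules at all. Keeping the port in the ruleset itself avoids that coupling, e.g. `define qrcp_port = 49153` followed by `tcp dport $qrcp_port accept comment "allow qrcp"`.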
diff --git a/etc/uwsgi/searx.ini b/etc/uwsgi/searx.ini
index 148c84ba..ed81b379 100644
--- a/etc/uwsgi/searx.ini
+++ b/etc/uwsgi/searx.ini
@@ -1,5 +1,5 @@
[uwsgi]
-http-socket = :8888
+http-socket = :49152
# Who will run the code
uid = searx
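Review bot: `http-socket = :49152` still listens on all addresses, so searx stays private only for as long as the `tcp dport searx` rule in nftables.conf remains commented out. If the instance is meant for local use, binding to loopback makes that explicit and keeps it unreachable even when the firewall is flushed or fails to load: `http-socket = 127.0.0.1:49152`. The rest of the file is outside this hunk, so any reverse proxy in front of it is not visible here.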
diff --git a/home/xyz/.config/qrcp/config.json b/home/xyz/.config/qrcp/config.json
new file mode 100644
index 00000000..b7f02141
--- /dev/null
+++ b/home/xyz/.config/qrcp/config.json
@@ -0,0 +1,11 @@
+{
+ "fqdn": "",
+ "interface": "wlp6s0",
+ "port": 49153,
+ "keepAlive": false,
+ "path": "",
+ "secure": false,
+ "tls-key": "",
+ "tls-cert": "",
+ "output": ""
+} \ No newline at end of file
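Review bot: `"secure": false` with empty `tls-key` and `tls-cert` means files sent through the port opened in nftables.conf travel as plain HTTP over `wlp6s0`, readable by anyone on the same wireless network. If the tool is used outside a trusted network, set `"secure": true` and point `"tls-cert"` and `"tls-key"` at a certificate and key (paths are site-specific, e.g. `"<path-to-cert.pem>"`). The file also ends without a trailing newline.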