diff options
| -rw-r--r-- | etc/dnsmasq.conf | 2 | ||||
| -rw-r--r-- | etc/netns/ns0/nftables.conf | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/etc/dnsmasq.conf b/etc/dnsmasq.conf index 9ab206b1..743f55aa 100644 --- a/etc/dnsmasq.conf +++ b/etc/dnsmasq.conf @@ -118,7 +118,7 @@ no-resolv #except-interface= # Or which to listen on by address (remember to include 127.0.0.1 if # you use this.) -listen-address=::1,127.0.0.1 +#listen-address= # If you want dnsmasq to provide only DNS service on an interface, # configure it as shown above, and then use the following line to # disable DHCP and TFTP on it. diff --git a/etc/netns/ns0/nftables.conf b/etc/netns/ns0/nftables.conf index aeda6c57..2d6a6e48 100644 --- a/etc/netns/ns0/nftables.conf +++ b/etc/netns/ns0/nftables.conf @@ -22,8 +22,8 @@ table inet my_table { ct state invalid drop comment "early drop of invalid connections" ct state {established, related} accept comment "allow tracked connections" iifname lo accept comment "allow from loopback" - iifname $wg_iface ip saddr { 10.0.0.1, 10.0.0.7 } accept comment "allow from wireguard insp and pp ip" - iifname $wg_iface ip6 saddr { fdc9:281f:04d7:9ee9::1, fdc9:281f:04d7:9ee9::7} accept comment "allow from wireguard insp and pp ip" + iifname $wg_iface ip saddr 10.0.0.1 accept comment "allow from wireguard insp ip" + iifname $wg_iface ip6 saddr fdc9:281f:04d7:9ee9::1 accept comment "allow from wireguard insp ip" ip protocol icmp accept meta l4proto ipv6-icmp accept |