Commit 458a3b5b authored by intrigeri

Firewall: forbid the _apt user to talk to DNS ports.

I've seen it trying to talk to UDP port 5353 (and being blocked), which makes
the logs noisy. APT works very well without DNS access since we only have Onion
APT sources, so let's silence the logs.
parent 4131f73d
......@@ -67,6 +67,7 @@ domain ip {
# White-list access to system DNS and Tor's DNSPort
daddr 127.0.0.1 proto udp dport (53 5353) {
mod owner uid-owner $amnesia_uid ACCEPT;
mod owner uid-owner _apt DROP;
}
# White-list access to the accessibility daemon
......
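Review bot: The added `mod owner uid-owner _apt DROP;` line sits under the comment "White-list access to system DNS and Tor's DNSPort", so the block now holds a deny rule that its comment does not describe. Add a one-line comment above the rule saying that _apt is dropped silently here only to keep the logs quiet, since APT uses Onion sources and needs no DNS; otherwise a later reader may take it for a leftover or remove it. The rule also matches only UDP to 127.0.0.1 on ports 53 and 5353, which is narrower than the subject line's "DNS ports", so state in that comment whether this scope is the intended one.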