Firewall: forbid the _apt user to talk to DNS ports.

I've seen it trying to talk to UDP port 5353 (and being blocked), which makes the logs noisy. APT works very well without DNS access since we only have Onion APT sources, so let's silence the logs.

Firewall: forbid the _apt user to talk to DNS ports.
I've seen it trying to talk to UDP port 5353 (and being blocked), which makes the logs noisy. APT works very well without DNS access since we only have Onion APT sources, so let's silence the logs.
458a3b5b · intrigeri · 4131f73d · 458a3b5b
Commit 458a3b5b authored Mar 20, 2017 by intrigeri
--- a/config/chroot_local-includes/etc/ferm/ferm.conf
+++ b/config/chroot_local-includes/etc/ferm/ferm.conf
@@ -67,6 +67,7 @@ domain ip {
                # White-list access to system DNS and Tor's DNSPort
                daddr 127.0.0.1 proto udp dport (53 5353) {
                    mod owner uid-owner $amnesia_uid ACCEPT;
+                    mod owner uid-owner _apt DROP;
                }

                # White-list access to the accessibility daemon