author Topi Miettinen <toiwoton@gmail.com> 2022-05-22 15:17:24 +0300
committer Topi Miettinen <topimiettinen@users.noreply.github.com> 2022-06-08 16:12:25 +0000
commit 46c3b1ff887e096f89cb1eae9b2567c5dd4272d3
tree f834624ca67c0a8b8dbf586dcbb6b1a3a14045c0 /po
parent c0548df0a2f78f3422d77c77c2149d8a7f50d8f6
core: firewall integration with DynamicUserNFTSet=
New directive `DynamicUserNFTSet=` provides a method for integrating configuration of dynamic users into firewall rules with NFT sets.

Example:

```
table inet filter {
        set u {
                typeof meta skuid
        }

        chain service_output {
                meta skuid != @u drop
                accept
        }
}
```

```
/etc/systemd/system/dunft.service
[Service]
DynamicUser=yes
DynamicUserNFTSet=inet:filter:u
ExecStart=/bin/sleep 1000

[Install]
WantedBy=multi-user.target
```

```
$ sudo nft list set inet filter u
table inet filter {
        set u {
                typeof meta skuid
                elements = { 64864 }
        }
}
$ ps -n --format user,group,pid,command -p `pgrep sleep`
USER  GROUP PID   COMMAND
64864 64864 55158 /bin/sleep 1000
```
Diffstat (limited to 'po')
0 files changed, 0 insertions, 0 deletions