Revert SMTP patches and RMB patch
This reverts commit bd13633.
This reverts commit dc1f278.
This reverts commit cf84a0e.

Signed-off-by: Lee Smet <[email protected]>
LeeSmet committed Jul 3, 2023
1 parent bd13633 commit 5030fd9
Showing 2 changed files with 13 additions and 33 deletions.
4 changes: 2 additions & 2 deletions bins/packages/rmb/rmb.sh
@@ -1,5 +1,5 @@
RMB_VERSION="1.0.6"
RMB_CHECKSUM="0a864b3bd6b8b8ca762f1024052f73ed"
RMB_VERSION="1.0.5"
RMB_CHECKSUM="c6ce07170300c149d4cca6523f4081c4"
RMB_LINK="https://github.com/threefoldtech/rmb-rs/releases/download/v${RMB_VERSION}/rmb-peer"

download_rmb() {
42 changes: 11 additions & 31 deletions cmds/modules/networkd/nft.go
Expand Up @@ -12,45 +12,25 @@ func ensureHostFw(ctx context.Context) error {
log.Info().Msg("ensuring existing host nft rules")

cmd := exec.CommandContext(ctx, "/bin/sh", "-c",
`
nft 'add table inet filter'
nft 'add table arp filter'
nft 'add table bridge filter'
# duo to a bug we had we need to make sure those chains are
# deleted and then recreated later
nft 'delete chain inet filter input'
nft 'delete chain inet filter forward'
nft 'delete chain inet filter output'
nft 'delete chain bridge filter input'
nft 'delete chain bridge filter forward'
nft 'delete chain bridge filter output'
nft 'delete chain arp filter input'
nft 'delete chain arp filter output'
# recreate chains correctly
`nft 'add table inet filter'
nft 'add chain inet filter input { type filter hook input priority filter; policy accept; }'
nft 'add chain inet filter forward { type filter hook forward priority filter; policy accept; }'
nft 'add chain inet filter output { type filter hook output priority filter; policy accept; }'
nft 'add chain inet filter prerouting { type filter hook prerouting priority filter; policy accept; }'
nft 'add chain inet filter forward { type filter hook input priority filter; policy accept; }'
nft 'add chain inet filter output { type filter hook input priority filter; policy accept; }'
nft 'add table arp filter'
nft 'add chain arp filter input { type filter hook input priority filter; policy accept; }'
nft 'add chain arp filter output { type filter hook output priority filter; policy accept; }'
nft 'add chain arp filter output { type filter hook input priority filter; policy accept; }'
nft 'add table bridge filter'
nft 'add chain bridge filter input { type filter hook input priority filter; policy accept; }'
nft 'add chain bridge filter forward { type filter hook forward priority filter; policy accept; }'
nft 'add chain bridge filter forward { type filter hook input priority filter; policy accept; }'
nft 'add chain bridge filter prerouting { type filter hook prerouting priority filter; policy accept; }'
nft 'add chain bridge filter postrouting { type filter hook postrouting priority filter; policy accept; }'
nft 'add chain bridge filter output { type filter hook output priority filter; policy accept; }'
nft 'add chain bridge filter output { type filter hook input priority filter; policy accept; }'
nft 'flush chain bridge filter forward'
nft 'flush chain inet filter forward'
nft 'flush chain inet filter prerouting'
# drop smtp traffic for hidden nodes
nft 'add rule inet filter prerouting iifname "b-*" tcp dport {25, 587, 465} reject with icmp type admin-prohibited'
# nft 'add rule bridge filter forward icmpv6 type nd-router-advert drop'
# nft 'add rule bridge filter forward ip6 version 6 udp sport 547 drop'
# nft 'add rule bridge filter forward ip version 4 udp sport 67 drop'
`)

if err := cmd.Run(); err != nil {
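Review bot: The `forward` and `output` chains of the inet and bridge tables, and the arp `output` chain, are declared with `hook input` in what appears to be the restored side of this hunk (the +/- markers are lost in this rendering, so this is inferred from the revert and the duplicated lines). Rules placed in those chains would then be evaluated on the input path only and would not filter forwarded or locally generated traffic. If the revert is meant to back out only the chain deletion and the SMTP reject rule on `b-*` interfaces, keep the corrected declarations, e.g. `nft 'add chain inet filter forward { type filter hook forward priority filter; policy accept; }'` and the matching `hook output` form. Separately, the script runs under `/bin/sh -c` without `set -e`, so `cmd.Run()` reports only the status of the last command and a failed `add chain` goes unnoticed. ensureHostFw continues past the end of the hunk, so its error handling is not visible here.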
