On Tuesday, 06-08-2024 at 14:40 David Wright wrote:
> On Tue 06 Aug 2024 at 14:25:45 (+1000), George at Clug wrote:
>
> > However, I have one issue: my nftables is not recognising the label
> > 'dns' for port 53, although it is recognising labels for other ports
> > that I have been using (e.g. ssh, http, ntp, https).
>
> My /etc/services uses the term "domain" rather than "dns" for 53.
Thanks David,
Using 'domain' does work.
# nano /etc/nftables.conf
...
oifname "enp1s0" ct state new udp dport domain accept
oifname "enp1s0" ct state new tcp dport { ssh, domain, http, ntp, https } accept
...
# systemctl restart nftables
# nft list ruleset
...
oifname "enp1s0" ct state new udp dport 53 accept
oifname "enp1s0" ct state new tcp dport { 22, 53, 80, 123, 443 } accept
...
George.
>
> Cheers,
> David.
>
>
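The exchange above comes down to one mechanism: nft resolves a symbolic port such as `domain` by looking it up in /etc/services, and a name that file does not carry (`dns` on Debian) makes the ruleset fail to load. The script below is an added example, not code from the thread or from the nftables project: it resolves names the same way (primary name or alias, per protocol) against an /etc/services-style file and scans a ruleset for `dport` names that would not resolve, so the problem is caught before `systemctl restart nftables`. The sample services file and the sample ruleset are constructed; the `write_sample_services`, `resolve_service` and `unresolved_dports` functions are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check that resolves the
# symbolic port names of an nftables ruleset against an /etc/services-style
# file, so an unknown name like "dns" is reported before the reload fails.

# Constructed sample in /etc/services layout (a subset). The alias column is
# present on the http line to show aliases are honoured. Assumption: the real
# file uses the same "name port/proto [aliases] [# comment]" layout.
write_sample_services() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Network services, Internet style
ssh             22/tcp
domain          53/tcp
domain          53/udp
http            80/tcp          www
ntp             123/tcp
ntp             123/udp
https           443/tcp
EOF
    echo "$f"
}

# resolve_service NAME PROTO [FILE]
# Prints the port number for NAME over PROTO, matching the primary name or an
# alias. Returns 1 when there is no entry, which is the case nft rejects.
resolve_service() {
    awk -v n="$1" -v p="$2" '
        $1 ~ /^#/ || NF < 2 { next }
        {
            split($2, pp, "/")
            if (pp[2] != p) next
            if ($1 == n) { print pp[1]; found = 1; exit }
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^#/) break
                if ($i == n) { print pp[1]; found = 1; exit }
            }
        }
        END { exit found ? 0 : 1 }' "${3:-/etc/services}"
}

# unresolved_dports RULESET_FILE SERVICES_FILE
# Scans every "tcp dport X" / "udp dport { a, b }" expression (sets may span
# lines) and prints one "name/proto" per line for each symbolic name that
# SERVICES_FILE cannot resolve. Numeric ports pass as-is. Empty output = clean.
unresolved_dports() {
    tr '\n' ' ' < "$1" | grep -oE '(tcp|udp) dport (\{[^}]*\}|[^ ]+)' |
    while read -r proto _ ports; do
        for name in $(printf '%s' "$ports" | tr '{},' '   '); do
            case $name in
                *[!0-9]*) resolve_service "$name" "$proto" "$2" >/dev/null ||
                          echo "$name/$proto" ;;
            esac
        done
    done
}

# Demo: the rules as first written (with "dns"), checked against the sample.
demo() {
    svc=$(write_sample_services)
    rules=$(mktemp)
    cat > "$rules" <<'EOF'
table inet filter {
    chain output {
        oifname "enp1s0" ct state new udp dport dns accept
        oifname "enp1s0" ct state new tcp dport { ssh, dns, http,
        ntp, https } accept
    }
}
EOF
    unresolved_dports "$rules" "$svc"   # prints: dns/udp and dns/tcp
    rm -f "$svc" "$rules"
}
demo
```

Run against the live system with `unresolved_dports /etc/nftables.conf /etc/services`; `getent services domain` is the quick one-off equivalent for a single name, and is the place to look when a distribution's /etc/services spells a service differently from what a rule expects.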