author | Kenny Ballou <kb@devnulllabs.io> | 2021-07-23 11:36:49 -0600 |
---|---|---|
committer | Kenny Ballou <kb@devnulllabs.io> | 2021-07-23 11:39:30 -0600 |
commit | 5a26ebf03cb3a3a2f16b2dc182c65424554870ba (patch) | |
tree | 7380a712fa7ebe339916ad7029e3b64e6c16e97e /eligos | |
parent | 1f00d242d279e650edc5309bf0d3874b3534570b (diff) | |
download | cfg.nix-5a26ebf03cb3a3a2f16b2dc182c65424554870ba.tar.gz cfg.nix-5a26ebf03cb3a3a2f16b2dc182c65424554870ba.tar.xz |
Disable networkmanager from writing `/etc/resolv.conf` and use
configured DNS servers with DNS over TLS.
Prune down list of nameservers as Level3 and OpenDNS do not currently
support DoT.
Signed-off-by: Kenny Ballou <kb@devnulllabs.io>
Diffstat (limited to 'eligos')
-rw-r--r-- | eligos/nftables-rules.nft | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/eligos/nftables-rules.nft b/eligos/nftables-rules.nft index c26071e..d051a6d 100644 --- a/eligos/nftables-rules.nft +++ b/eligos/nftables-rules.nft @@ -39,6 +39,8 @@ table inet filter { iif lo oif lo counter accept ip saddr 127.0.0.1 ip daddr 127.0.0.1/8 counter accept udp dport domain counter accept + tcp dport domain-s counter accept + udp dport domain-s counter accept tcp dport http counter accept tcp dport https counter accept tcp dport ssh counter accept |
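Review bot: The added `udp dport domain-s counter accept` looks unnecessary for what the commit message describes. DNS over TLS runs over TCP port 853, so `tcp dport domain-s counter accept` covers it, and the UDP rule opens port 853 for traffic the message never mentions; consider dropping it or noting why it is wanted. Both new rules also match any address, while the message says the configured DNS servers are the ones in use, so the match could be narrowed to those resolvers with an `ip daddr` set. The unchanged `udp dport domain counter accept` above still permits plaintext DNS next to DoT; if that is kept deliberately as a fallback, a short comment in the ruleset would make the intent clear.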