@anjan I'm not sure if poking extra holes by default
in the firewall is a good idea.

Anyway, I find the #firewall on #postmarketOS well documented and adding some
rules in /etc/nftables.d is not very complicated.

https://wiki.postmarketos.org/wiki/Firewall

@jan_wagemakers We dont need to poke holes in the default firewall. We can use the "install_if" in the APKBUILD (see man APKBUILD). This is how the docker rules in pmOS are set and the docker rules are only installed if docker is installed. Regardless, I want pmOS to have sane defaults out of the box so I submitted a merge request: https://gitlab.com/postmarketOS/pmaports/-/merge_requests/2725/diffs

@jan_wagemakers Thanks for posting this, I had to ask in the chatroom how docker nftable worked so updated the firewall wiki page to include instructions on how to contribute.

@anjan @jan_wagemakers I just merged @anjan's patched based on your rule. Thanks for helping us to support mosh!

@anjan Ok, there was some misunderstanding from my
side about how things work. Thanks for educating me ;)

I see that now "postmarketos-config-nftables-moshserver" get's installed
with "mosh-server" to add the extra rule. Nice!