By using #SSH, I’m able to login on my #pinephone running #postmarketOS, but
doing the same with #mosh fails.
To fix this, I’ve added the file 99_mosh.nft to /etc/nftables.d:
--
#!/usr/sbin/nft -f
table inet filter {
chain input {
# drop mosh from wwan
iifname "wwan*" udp dport 60000-60010 drop comment "drop mosh from wwan"
# allow mosh
udp dport 60000-60010 accept comment "accept mosh"
}
}
--
https://www.janwagemakers.be/jekyll/pinephone/2021/12/04/pinephone-mosh.html
@anjan I'm not sure if poking extra holes by default
in the firewall is a good idea.
Anyway, I find the #firewall on #postmarketOS well documented and adding some
rules in /etc/nftables.d is not very complicated.
@anjan @jan_wagemakers I just merged @anjan's patched based on your rule. Thanks for helping us to support mosh!
@anjan Ok, there was some misunderstanding from my
side about how things work. Thanks for educating me ;)
I see that now "postmarketos-config-nftables-moshserver" get's installed
with "mosh-server" to add the extra rule. Nice!