
By using , I’m able to login on my running , but
doing the same with fails.

To fix this, I’ve added the file 99_mosh.nft to /etc/nftables.d:

--
#!/usr/sbin/nft -f

table inet filter {
	chain input {
		# drop mosh from wwan
		iifname "wwan*" udp dport 60000-60010 drop comment "drop mosh from wwan"

		# allow mosh
		udp dport 60000-60010 accept comment "accept mosh"
	}
}
--

janwagemakers.be/jekyll/pineph

@jan_wagemakers submitting a bug report or better yet, a merge request to pmaports would be cool! I've always wanted to try out mosh.

@anjan I'm not sure if poking extra holes by default
in the firewall is a good idea.

Anyway, I find the on well documented and adding some
rules in /etc/nftables.d is not very complicated.

wiki.postmarketos.org/wiki/Fir

@jan_wagemakers We don't need to poke holes in the default firewall. We can use the "install_if" in the APKBUILD (see man APKBUILD). This is how the docker rules in pmOS are set and the docker rules are only installed if docker is installed. Regardless, I want pmOS to have sane defaults out of the box so I submitted a merge request: https://gitlab.com/postmarketOS/pmaports/-/merge_requests/2725/diffs

@jan_wagemakers Thanks for posting this, I had to ask in the chatroom how docker nftable worked so I updated the firewall wiki page to include instructions on how to contribute.

@anjan @jan_wagemakers I just merged @anjan's patch based on your rule. Thanks for helping us to support mosh!

@anjan Ok, there was some misunderstanding from my
side about how things work. Thanks for educating me ;)

I see that now "postmarketos-config-nftables-moshserver" gets installed
with "mosh-server" to add the extra rule. Nice!
