pygoscelis: For podman enable some iptables alibi stuff
This relates to commit 6f3b17704b2b0ed8c84d0b5e7a12265ae85d73dd, where I enabled these for the hosts aptenodytes and eudyptes, which run on Hetzner VMs.
parent
ffd31945f1
commit
dcbe936e84
@ -1204,6 +1204,7 @@ CONFIG_NFT_QUEUE=m
|
|||||||
CONFIG_NFT_QUOTA=m
|
CONFIG_NFT_QUOTA=m
|
||||||
CONFIG_NFT_REJECT=m
|
CONFIG_NFT_REJECT=m
|
||||||
CONFIG_NFT_REJECT_INET=m
|
CONFIG_NFT_REJECT_INET=m
|
||||||
|
# CONFIG_NFT_COMPAT is not set
|
||||||
CONFIG_NFT_HASH=m
|
CONFIG_NFT_HASH=m
|
||||||
CONFIG_NFT_FIB=m
|
CONFIG_NFT_FIB=m
|
||||||
# CONFIG_NFT_FIB_INET is not set
|
# CONFIG_NFT_FIB_INET is not set
|
||||||
@ -1219,7 +1220,81 @@ CONFIG_NFT_REJECT_NETDEV=m
|
|||||||
CONFIG_NF_FLOW_TABLE_INET=m
|
CONFIG_NF_FLOW_TABLE_INET=m
|
||||||
CONFIG_NF_FLOW_TABLE=m
|
CONFIG_NF_FLOW_TABLE=m
|
||||||
# CONFIG_NF_FLOW_TABLE_PROCFS is not set
|
# CONFIG_NF_FLOW_TABLE_PROCFS is not set
|
||||||
# CONFIG_NETFILTER_XTABLES is not set
|
CONFIG_NETFILTER_XTABLES=m
|
||||||
|
|
||||||
|
#
|
||||||
|
# Xtables combined modules
|
||||||
|
#
|
||||||
|
# CONFIG_NETFILTER_XT_MARK is not set
|
||||||
|
# CONFIG_NETFILTER_XT_CONNMARK is not set
|
||||||
|
|
||||||
|
#
|
||||||
|
# Xtables targets
|
||||||
|
#
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_LED is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_LOG is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_MARK is not set
|
||||||
|
CONFIG_NETFILTER_XT_NAT=m
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_NETMAP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_REDIRECT is not set
|
||||||
|
CONFIG_NETFILTER_XT_TARGET_MASQUERADE=m
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_TEE is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
|
||||||
|
|
||||||
|
#
|
||||||
|
# Xtables matches
|
||||||
|
#
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_ADDRTYPE is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_CONNMARK is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_CONNTRACK is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_CPU is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_DCCP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_DSCP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_ECN is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_ESP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_HELPER is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_HL is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_L2TP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_LENGTH is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_LIMIT is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_MAC is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_MARK is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_OSF is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_QUOTA is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_REALM is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_SCTP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
|
||||||
# end of Core Netfilter Configuration
|
# end of Core Netfilter Configuration
|
||||||
|
|
||||||
# CONFIG_IP_SET is not set
|
# CONFIG_IP_SET is not set
|
||||||
@ -1240,7 +1315,20 @@ CONFIG_NF_DUP_IPV4=m
|
|||||||
CONFIG_NF_LOG_ARP=m
|
CONFIG_NF_LOG_ARP=m
|
||||||
CONFIG_NF_LOG_IPV4=m
|
CONFIG_NF_LOG_IPV4=m
|
||||||
CONFIG_NF_REJECT_IPV4=m
|
CONFIG_NF_REJECT_IPV4=m
|
||||||
# CONFIG_IP_NF_IPTABLES is not set
|
CONFIG_IP_NF_IPTABLES=m
|
||||||
|
# CONFIG_IP_NF_MATCH_AH is not set
|
||||||
|
# CONFIG_IP_NF_MATCH_ECN is not set
|
||||||
|
# CONFIG_IP_NF_MATCH_TTL is not set
|
||||||
|
CONFIG_IP_NF_FILTER=m
|
||||||
|
# CONFIG_IP_NF_TARGET_REJECT is not set
|
||||||
|
# CONFIG_IP_NF_TARGET_SYNPROXY is not set
|
||||||
|
CONFIG_IP_NF_NAT=m
|
||||||
|
CONFIG_IP_NF_TARGET_MASQUERADE=m
|
||||||
|
# CONFIG_IP_NF_TARGET_NETMAP is not set
|
||||||
|
# CONFIG_IP_NF_TARGET_REDIRECT is not set
|
||||||
|
# CONFIG_IP_NF_MANGLE is not set
|
||||||
|
# CONFIG_IP_NF_RAW is not set
|
||||||
|
# CONFIG_IP_NF_SECURITY is not set
|
||||||
# CONFIG_IP_NF_ARPTABLES is not set
|
# CONFIG_IP_NF_ARPTABLES is not set
|
||||||
# end of IP: Netfilter Configuration
|
# end of IP: Netfilter Configuration
|
||||||
|
|
||||||
@ -1256,12 +1344,31 @@ CONFIG_NFT_FIB_IPV6=m
|
|||||||
CONFIG_NF_DUP_IPV6=m
|
CONFIG_NF_DUP_IPV6=m
|
||||||
CONFIG_NF_REJECT_IPV6=m
|
CONFIG_NF_REJECT_IPV6=m
|
||||||
CONFIG_NF_LOG_IPV6=m
|
CONFIG_NF_LOG_IPV6=m
|
||||||
# CONFIG_IP6_NF_IPTABLES is not set
|
CONFIG_IP6_NF_IPTABLES=m
|
||||||
|
# CONFIG_IP6_NF_MATCH_AH is not set
|
||||||
|
# CONFIG_IP6_NF_MATCH_EUI64 is not set
|
||||||
|
# CONFIG_IP6_NF_MATCH_FRAG is not set
|
||||||
|
# CONFIG_IP6_NF_MATCH_OPTS is not set
|
||||||
|
# CONFIG_IP6_NF_MATCH_HL is not set
|
||||||
|
# CONFIG_IP6_NF_MATCH_IPV6HEADER is not set
|
||||||
|
# CONFIG_IP6_NF_MATCH_MH is not set
|
||||||
|
# CONFIG_IP6_NF_MATCH_RT is not set
|
||||||
|
# CONFIG_IP6_NF_MATCH_SRH is not set
|
||||||
|
CONFIG_IP6_NF_FILTER=m
|
||||||
|
# CONFIG_IP6_NF_TARGET_REJECT is not set
|
||||||
|
# CONFIG_IP6_NF_TARGET_SYNPROXY is not set
|
||||||
|
# CONFIG_IP6_NF_MANGLE is not set
|
||||||
|
# CONFIG_IP6_NF_RAW is not set
|
||||||
|
# CONFIG_IP6_NF_SECURITY is not set
|
||||||
|
CONFIG_IP6_NF_NAT=m
|
||||||
|
CONFIG_IP6_NF_TARGET_MASQUERADE=m
|
||||||
|
# CONFIG_IP6_NF_TARGET_NPT is not set
|
||||||
# end of IPv6: Netfilter Configuration
|
# end of IPv6: Netfilter Configuration
|
||||||
|
|
||||||
CONFIG_NF_DEFRAG_IPV6=y
|
CONFIG_NF_DEFRAG_IPV6=y
|
||||||
# CONFIG_NF_TABLES_BRIDGE is not set
|
# CONFIG_NF_TABLES_BRIDGE is not set
|
||||||
CONFIG_NF_CONNTRACK_BRIDGE=m
|
CONFIG_NF_CONNTRACK_BRIDGE=m
|
||||||
|
# CONFIG_BRIDGE_NF_EBTABLES is not set
|
||||||
CONFIG_BPFILTER=y
|
CONFIG_BPFILTER=y
|
||||||
CONFIG_BPFILTER_UMH=m
|
CONFIG_BPFILTER_UMH=m
|
||||||
# CONFIG_IP_DCCP is not set
|
# CONFIG_IP_DCCP is not set
|
||||||
@ -1340,11 +1447,13 @@ CONFIG_NET_EMATCH_STACK=32
|
|||||||
# CONFIG_NET_EMATCH_U32 is not set
|
# CONFIG_NET_EMATCH_U32 is not set
|
||||||
# CONFIG_NET_EMATCH_META is not set
|
# CONFIG_NET_EMATCH_META is not set
|
||||||
# CONFIG_NET_EMATCH_TEXT is not set
|
# CONFIG_NET_EMATCH_TEXT is not set
|
||||||
|
# CONFIG_NET_EMATCH_IPT is not set
|
||||||
CONFIG_NET_CLS_ACT=y
|
CONFIG_NET_CLS_ACT=y
|
||||||
# CONFIG_NET_ACT_POLICE is not set
|
# CONFIG_NET_ACT_POLICE is not set
|
||||||
# CONFIG_NET_ACT_GACT is not set
|
# CONFIG_NET_ACT_GACT is not set
|
||||||
# CONFIG_NET_ACT_MIRRED is not set
|
# CONFIG_NET_ACT_MIRRED is not set
|
||||||
# CONFIG_NET_ACT_SAMPLE is not set
|
# CONFIG_NET_ACT_SAMPLE is not set
|
||||||
|
# CONFIG_NET_ACT_IPT is not set
|
||||||
# CONFIG_NET_ACT_NAT is not set
|
# CONFIG_NET_ACT_NAT is not set
|
||||||
# CONFIG_NET_ACT_PEDIT is not set
|
# CONFIG_NET_ACT_PEDIT is not set
|
||||||
# CONFIG_NET_ACT_SIMP is not set
|
# CONFIG_NET_ACT_SIMP is not set
|
||||||
|
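Review bot: The new side turns on the legacy `filter` and `nat` tables with MASQUERADE for IPv4 and IPv6, but every option under "Xtables matches" is left unset, including `CONFIG_NETFILTER_XT_MATCH_CONNTRACK`, `CONFIG_NETFILTER_XT_MATCH_STATE`, `CONFIG_NETFILTER_XT_MATCH_ADDRTYPE` and `CONFIG_NETFILTER_XT_MATCH_COMMENT`, and `CONFIG_IP_NF_TARGET_REJECT` / `CONFIG_IP6_NF_TARGET_REJECT` stay off as well. Any iptables rule that uses `-m conntrack`, `-m state`, `-m addrtype`, `-m comment` or `-j REJECT` will be refused by this kernel, so it is worth confirming that the rules podman's network backend installs on pygoscelis need none of them and that a refused rule fails loudly rather than leaving a partly applied ruleset. Because `CONFIG_NFT_COMPAT` also stays unset, these are presumably legacy xtables rules that sit beside the nftables ruleset and do not appear in `nft list ruleset`. Firewall audits on this host should then also read `iptables-save` and `ip6tables-save`. I would record in the commit description which of the newly enabled modules podman actually loads, so the rest can be dropped again later.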