guix/gnu/services
Tomas Volf 82f9e5ac97
services: nftables: Tighten the default rules.
Packets for local host IP ranges should be coming only over lo.  If that is
not the case, we should drop them.  Use iif for the check instead of iifname,
lo is guaranteed to exists, and iif is faster.

* gnu/services/networking.scm (%default-nftables-ruleset): Tighten the rules.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-10-20 00:33:26 +02:00
..
admin.scm services: file-database: Clarify 'excluded-directories' description. 2023-08-22 11:17:53 +02:00
audio.scm services: configuration: Add some commonly used predicates. 2023-10-07 12:41:06 -04:00
auditd.scm
authentication.scm services: Use more 'file-append'. 2023-08-15 23:30:44 +02:00
avahi.scm
base.scm services: static-networking: Add support for bonding. 2023-10-11 18:51:07 +02:00
certbot.scm services: certbot: Fix nginx crash when certbot is used without domains. 2023-06-18 23:12:10 +02:00
cgit.scm services: cgit: Allow file-like objects for ‘root-readme’. 2023-09-09 15:54:37 +02:00
ci.scm
configuration.scm services: configuration: Add some commonly used predicates. 2023-10-07 12:41:06 -04:00
cuirass.scm services: cuirass: Add ‘log-expiry’ option for ‘remote-server’. 2023-10-12 22:14:34 +02:00
cups.scm services: cups: Add cups PAM service. 2023-05-23 20:26:19 -04:00
databases.scm services: posgresql: Add option to specify UID/GID for postgres user. 2023-08-16 22:37:52 +02:00
dbus.scm Merge remote-tracking branch 'origin/master' into core-updates 2023-03-20 18:49:06 +01:00
desktop.scm Merge remote-tracking branch 'origin/master' into kde-updates 2023-08-17 18:38:23 +08:00
dict.scm home: services: Add dicod. 2023-08-20 22:48:47 +02:00
dns.scm Revert "services: Add ddclient service." 2023-08-16 23:13:55 +02:00
docker.scm file-systems: Use cgroups v2. 2023-08-08 18:01:55 +02:00
file-sharing.scm
games.scm
ganeti.scm
getmail.scm
guix.scm services: bffe: Use guile from the package. 2023-09-15 11:10:43 +01:00
herd.scm services: herd: Add a new 'current-service' procedure. 2023-07-21 11:58:44 -04:00
hurd.scm
kerberos.scm services: Use more 'file-append'. 2023-08-15 23:30:44 +02:00
ldap.scm
lightdm.scm system: pam: Let PAM extensions add shepherd requirements. 2023-05-11 13:21:45 +02:00
linux.scm services: fstrim-service-type: Serialize with SRFI-171 transducers. 2023-10-07 12:41:05 -04:00
lirc.scm services: lirc: Deprecate 'lirc-service' procedure. 2023-03-03 17:55:34 +01:00
mail.scm system: pam: Let PAM extensions add shepherd requirements. 2023-05-11 13:21:45 +02:00
mcron.scm services: mcron: Hide ‘mkdir-p’ from (shepherd support). 2023-10-05 23:14:55 +02:00
messaging.scm services: Transient inetd services inherit requirements. 2023-05-21 01:04:39 +02:00
monitoring.scm services: Add vnstat-service-type. 2023-05-11 16:38:29 +02:00
networking.scm services: nftables: Tighten the default rules. 2023-10-20 00:33:26 +02:00
nfs.scm
nix.scm
pam-mount.scm services: Use more 'file-append'. 2023-08-15 23:30:44 +02:00
pm.scm
rsync.scm services: rsync: Use least authority wrapper. 2023-05-18 23:11:19 -04:00
samba.scm
science.scm
sddm.scm services: sddm: Set some environment variables for the breeze theme. 2023-08-02 22:27:43 +08:00
security-token.scm
security.scm services: replace bare serializers with (serializer ...) 2023-04-02 12:35:30 +02:00
shepherd.scm services: Validate 'provision' field of <shepherd-service>. 2023-06-25 23:46:03 +02:00
sound.scm services: ladspa: Export accessors. 2023-03-07 11:39:50 +01:00
spice.scm services: spice: Deprecate 'spice-vdagent-service' procedure. 2023-03-03 17:55:35 +01:00
ssh.scm services: Transient inetd services inherit requirements. 2023-05-21 01:04:39 +02:00
syncthing.scm services: syncthing: Ensure that service runs after mounting home directories. 2023-09-17 15:31:03 +02:00
sysctl.scm
telephony.scm services: configuration: Add some commonly used predicates. 2023-10-07 12:41:06 -04:00
version-control.scm
virtualization.scm services: hurd-vm: Leave root password uninitialized when offloading. 2023-10-05 23:14:55 +02:00
vnc.scm services: Transient inetd services inherit requirements. 2023-05-21 01:04:39 +02:00
vpn.scm services: vpn: Fix broken format string for wireguard dns. 2023-09-09 12:24:12 +02:00
web.scm services: nginx: Harden php-location settings. 2023-07-02 02:00:01 +02:00
xorg.scm services: screen-locker-service-type: Configurable PAM and setuid. 2023-06-04 10:33:55 +02:00