This repository has been archived by the owner on Mar 1, 2022. It is now read-only.

Firewall open port

Sven Putze edited this page Mar 4, 2020 · 1 revision

Warning

These instructions only work for a release > 20.02. For an older release you can manually copy the files from the Trident core repository into the folder /etc/firewall-conf/ and then follow the instructions below.

Firewall basics

After a fresh install of Project Trident an active firewall is already configured: it allows all outgoing network traffic but denies all incoming traffic. That is a safe point to start from, but if you want to ssh into your machine, at least one port must be opened.

Nftables is used as the firewall, and the default firewall settings are configured in the file /etc/firewall-conf/open-out.conf. Do not make any changes there; that file may well be overwritten by future updates!

Instead, this file includes all custom-*.conf files in the same directory, and that is where your own rules belong. A sample file is provided to get you started.

Before those files are included,

  • all existing rules are flushed
  • a new table named filter is created
  • a new chain named input is created in that table and hooked into the netfilter infrastructure for incoming network traffic

In this context your own rules can be added to a custom-*.conf file.

To open a port you basically add a line with the command

add rule inet filter input <prot> dport <port> accept
          ^     ^      ^      ^           ^
          |     |      |      |           |
          |     |      |      |      port to open
          |     |      |    protocol                
          |     |      |           
          |     |     chain
          |   table
       family

Example

add rule inet filter input tcp dport 22 accept

This reads as: add a rule to the input chain of the table filter in the inet family that accepts connections to port 22 with protocol tcp.

Work with the sample file

  • Become root

    sudo su -
    
  • Copy the sample file

    cd /etc/firewall-conf
    cp custom-input.conf.sample custom-input.conf
    
  • Edit the copied file. As an example the hash before the line that opens port 22 for ssh is removed. Of course you can use the editor of your choice in doing so.

    sed -i -e 's/#add rule inet filter input tcp dport 22 accept/add rule inet filter input tcp dport 22 accept/g' custom-input.conf
    # show the result
    grep --after-context=1 'ssh' custom-input.conf
    
  • Restart the firewall

    sv restart nftables
    

That's it.

If you want to open other ports, simply copy one or more of the sample lines and change the protocol and/or port.
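The following shell script is an added example and is not part of the Project Trident wiki or its firewall configuration. It ties together the rule grammar above and the walkthrough: a function that builds a rule line of exactly the form shown (rejecting anything that is not tcp/udp or not a valid port number, so a typo cannot end up in the firewall configuration), a function that writes a custom-input.conf containing only the ports you name, and an exact-match check that replaces the loose grep in the walkthrough. The target directory is passed as an argument (an assumption made so the script can be tried against a scratch directory rather than /etc/firewall-conf).

```shell
#!/bin/sh
# Added example, not Project Trident's own code.
# Assumption: the configuration directory is given as an argument, so this
# can be exercised in a scratch directory before touching /etc/firewall-conf.

# Print one "add rule inet filter input <prot> dport <port> accept" line.
# Returns 1 and prints nothing for an unsupported protocol or an invalid port.
rule_for() {
    prot=$1
    port=$2
    case "$prot" in
        tcp|udp) ;;
        *) echo "rule_for: protocol must be tcp or udp, got '$prot'" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "rule_for: port must be numeric, got '$port'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "rule_for: port out of range: $port" >&2
        return 1
    fi
    printf 'add rule inet filter input %s dport %s accept\n' "$prot" "$port"
}

# Write $1/custom-input.conf opening only the "prot:port" pairs given after it,
# e.g. write_custom_conf /tmp/fw tcp:22 udp:5353. Prints the path written.
# Nothing is written if any pair is rejected by rule_for.
write_custom_conf() {
    dir=$1
    shift
    content='# custom-input.conf (constructed example), included by open-out.conf
# table inet filter and chain input already exist when this file is read'
    for spec in "$@"; do
        line=$(rule_for "${spec%%:*}" "${spec#*:}") || return 1
        content="$content
$line"
    done
    printf '%s\n' "$content" > "$dir/custom-input.conf"
    echo "$dir/custom-input.conf"
}

# Count the accept rules in conf file $1 that open protocol $2 on port $3.
# Exact match on the whole line, unlike the grep in the walkthrough.
count_open() {
    grep -c "^add rule inet filter input $2 dport $3 accept$" "$1"
}

# Typical use (as root): build the file, review it, then restart the firewall.
#   write_custom_conf /etc/firewall-conf tcp:22
#   cat /etc/firewall-conf/custom-input.conf
#   sv restart nftables
```

Before restarting, `nft -c -f /etc/firewall-conf/open-out.conf` parses the whole configuration, including the custom files it pulls in, without applying it, which catches a malformed line before the service reload does.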

More information about nftables

Have a look at the nftables Wiki.