ange/archinstall
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: autoload iptables rules

Browse Source
This commit is contained in:
AngeD 2023-11-08 16:14:41 +01:00
parent 856a444267
commit a9f5c22a3b
3 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -21,8 +21,8 @@ If you want to install a gui
$EDITOR ./gui/config $EDITOR ./gui/config
./gui/install.sh ./gui/install.sh
$EDITOR ./gui/config $EDITOR ./gui/$GUI/config
./gui/install.sh ./gui/$GUI/install.sh
``` ```
For the dotfiles, run the script as the newly created user: For the dotfiles, run the script as the newly created user:

12
install.sh
View File

@ -30,11 +30,13 @@ sed -i '/^HOOKS=(/s/filesystems/encrypt filesystems/' /etc/mkinitcpio.conf
# Packages # Packages
$PACMAN "${pkg[@]}" "$cpu-ucode" $PACMAN "${pkg[@]}" "$cpu-ucode"
systemctl enable \ systemctl enable \
NetworkManager \ NetworkManager \
podman.socket \ ip6tables \
reflector.timer \ iptables \
systemd-resolved \ podman.socket \
reflector.timer \
systemd-resolved \
systemd-timesyncd systemd-timesyncd
if ls -d /sys/class/power_supply/BAT*/ > /dev/null 2>&1; then if ls -d /sys/class/power_supply/BAT*/ > /dev/null 2>&1; then

6
rootfs/etc/iptables/ip6tables.rules Normal file
View File

@ -0,0 +1,6 @@
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT