iptables: temporarily disable sandbox

it was overrestrictive
2024-09-01 21:24:19 +00:00
parent 8f4d4c97bc
commit 48fccebd1e
1 changed files with 4 additions and 3 deletions
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -790,9 +790,10 @@ in
    #   "/var/run/netns"
    # ];

-    iptables.sandbox.method = "landlock";
-    iptables.sandbox.net = "all";
-    iptables.sandbox.capabilities = [ "net_admin" ];
+    iptables = {};  # TODO: sandbox
+    # iptables.sandbox.method = "landlock";
+    # iptables.sandbox.net = "all";
+    # iptables.sandbox.capabilities = [ "net_admin" ];

    # iputils provides `ping` (and arping, clockdiff, tracepath)
    iputils.sandbox.method = "landlock";