27b8e83aa5
Use ErrKernelModuleMissing when missing kernel module string is detected
2026-03-11 13:35:56 +00:00
a62220d7b6
give up on kernel modules checks
2026-03-02 23:17:08 +00:00
594b1db98b
Require xt_CONNMARK and define its kernel config values
2026-02-28 15:13:23 +00:00
bfc8136bc9
Fourth fallback, use DROP temporarily instead of REJECT
2026-02-27 12:17:12 +00:00
1fd4cc511a
Fix kernel module names
2026-02-27 12:16:54 +00:00
af0bc3e224
allow custom chain name targets
2026-02-26 23:18:44 +00:00
302f1f11f7
only use kernel modules error as context to an actual error, not as a requirement since some systems don't show what they support reliably
2026-02-26 23:14:40 +00:00
f654dece66
Reject output public ip traffic for 1s as another fallback
2026-02-26 23:10:37 +00:00
a37354426b
Fallback to accepting only NEW output public traffic if conntrack netlink isn't supported
2026-02-26 23:08:32 +00:00
2bb4deccd5
feat(firewall): atomic iptables operations
...
- all operations rollback on failure
- disabling the firewall means rolling back to its state before enabling it
- aligns with nftables atomicity feature
2026-02-26 22:58:52 +00:00
d21953f62e
chore(firewall): split apart iptables specific code in internal/firewall/iptables
2026-02-25 04:23:53 +00:00
Quentin McGaw