diff options
Diffstat (limited to 'etc/nftables.conf')
| -rw-r--r-- | etc/nftables.conf | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/etc/nftables.conf b/etc/nftables.conf index f22150e..dd5e09c 100644 --- a/etc/nftables.conf +++ b/etc/nftables.conf @@ -38,5 +38,11 @@ table inet filter { # load before libvirtd has created virbr0 at boot. iifname "virbr0" accept comment "libvirt: guest egress" oifname "virbr0" ct state established,related accept comment "libvirt: guest return" + + # Waydroid's NAT bridge: same pattern as libvirt. Waydroid configures its + # own MASQUERADE in nat/POSTROUTING but does NOT add forward accepts, so + # without these the Android container has no outbound network. + iifname "waydroid0" accept comment "waydroid: guest egress" + oifname "waydroid0" ct state established,related accept comment "waydroid: guest return" } } |