Conntrack Control Method

Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-04-16 18:14:10 +03:00 · 2026-04-04 11:28:32 +03:00
parent 7fe38f1b9f
commit 7f0057acd7
17 changed files with 1658 additions and 29 deletions
--- a/src/service/mod.rs
+++ b/src/service/mod.rs
@@ -159,8 +159,8 @@ MemoryDenyWriteExecute=true
 LockPersonality=true

 # Allow binding to privileged ports and writing to specific paths
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_ADMIN
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_ADMIN
 ReadWritePaths=/etc/telemt /var/run /var/lib/telemt

 [Install]