By using SSH, I’m able to login on my pinephone running postmarketOS, but doing the same with mosh fails.

mosh: Last reply 15 seconds ago. [To quit: Ctrl-^ .]
mosh did not make a successful connection to 192.168.1.130:60001.
Please verify that UDP port 60001 is not firewalled and can reach the
server.

(By default, mosh uses a UDP port between 60000 and 61000. The -p option
selects a specific UDP port number.)
[mosh is exiting.]

So, I’ve added the file 99_mosh.nft to /etc/nftables.d:

#!/usr/sbin/nft -f

table inet filter {
        chain input {

                # drop mosh from wwan
                iifname "wwan*" udp dport 60000-60010 drop comment "drop
mosh from wwan"

                # allow mosh
                udp dport 60000-60010 accept comment "accept mosh"

        }
}

Now, I’m able to login on my pinephone by using mosh :)

Update 6 dec 2021

Rules are now available in the postmarketos-config-nftables-moshserver package.

Relevant links:

• firewall: add mosh config (!2725) · Merge requests · postmarketOS / pmaports · GitLab
• Mastodon thread

---