- RUN.md: start/stop/inspect/smoke-test commands for the hardened
DeerFlow stack on data-nuc, including the docker compose -f overlay
invocation and a copy-paste smoke test that verifies allow + block
destinations from inside the container.
- scripts/deerflow-firewall.sh: status now uses iptables -nvL so the
input-interface column is included, and the awk filter shows the
header plus all rules matching br-deerflow. The previous version
used -nL which omits the interface column entirely, so the grep
found nothing even when the rules were correctly installed.
DATA
7f3f9bff6e