From 0ec9252419af08b5c3c794adf4679fd46f6882dd Mon Sep 17 00:00:00 2001
From: Dominik Polakovics <dominik.polakovics@cloonar.com>
Date: Thu, 30 Nov 2023 22:31:32 +0100
Subject: [PATCH] add wan to allowed everywhere

---
 hosts/fw.cloonar.com/modules/firewall.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix
index 26aa5a1..8ba563f 100644
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -64,7 +64,8 @@
             iifname "multimedia" oifname { "lan" } counter accept
 
             # lan and vpn to any
-            iifname { "lan", "wg_cloonar" } oifname { "server", "multimedia", "smart", "wrwks", "wg_epicenter", "wg_ghetto_at" } counter accept
+            # TODO: disable wan when finished
+            iifname { "wan", "lan", "wg_cloonar" } oifname { "server", "multimedia", "smart", "wrwks", "wg_epicenter", "wg_ghetto_at" } counter accept
 
             # Allow trusted network WAN access
             iifname {