From 1a6a8aa58493132cfec0c03bb8ac70c91afaf1e7 Mon Sep 17 00:00:00 2001
From: Dominik Polakovics
Date: Wed, 6 Dec 2023 14:36:06 +0100
Subject: [PATCH] forward all established
---
 hosts/fw.cloonar.com/modules/firewall.nix | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix
index 040bc73..7cf7681 100644
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -193,6 +193,9 @@
 iifname { "lan", "wg_cloonar" } oifname { "wrwks", "wg_epicenter", "wg_ghetto_at" } counter accept
 iifname { "infrastructure" } oifname { "server", "vserver" } counter accept
+ # allow all established, related
+ ct state { established, related } accept comment "Allow established traffic"
+ # Allow trusted network WAN access iifname { "lan",