add firewall rule

hosts/fw.cloonar.com/modules/firewall.nix

@@ -161,6 +161,18 @@
             iifname "wg_cloonar" ct state { established, related } counter accept
             iifname "wg_cloonar" drop
 
+            # Allow returning traffic from wrwks and drop everthing else
+            iifname "wrwks" ct state { established, related } counter accept
+            iifname "wrwks" drop
+
+            # Allow returning traffic from wg_epicenter and drop everthing else
+            iifname "wg_epicenter" ct state { established, related } counter accept
+            iifname "wg_epicenter" drop
+
+            # Allow returning traffic from wg_ghetto_at and drop everthing else
+            iifname "wg_ghetto_at" ct state { established, related } counter accept
+            iifname "wg_ghetto_at" drop
+
             iifname "wan" ct state { established, related } accept comment "Allow established traffic"
             iifname "wan" icmp type { echo-request, destination-unreachable, time-exceeded } counter accept comment "Allow select ICMP"
             iifname "wan" counter drop comment "Drop all other unsolicited traffic from wan"