From 5d69b79790b143d49254e69eeabed55b19404e5c Mon Sep 17 00:00:00 2001
From: Dominik Polakovics
Date: Wed, 6 Dec 2023 12:50:41 +0100
Subject: [PATCH] change firewall
---
 hosts/fw.cloonar.com/modules/firewall.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix
index 09c023f..fb290cf 100644
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -177,7 +177,8 @@
 # lan and vpn to any
 # TODO: disable wan when finished
- iifname { "wan", "lan", "server", "vserver", "wg_cloonar" } oifname { "lan", "vb-*", "server", "vserver", "infrastructure", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept
+ iifname { "wan", "lan", "server", "vserver", "wg_cloonar" } oifname { "lan", "vb-*", "server", "vserver", "infrastructure", "multimedia", "smart", "wg_cloonar" } counter accept
+ iifname { "lan", "wg_cloonar" } oifname { "wrwks", "wg_epicenter", "wg_ghetto_at" } counter accept
 iifname { "infrastructure" } oifname { "server", "vserver" } counter accept
 # Allow trusted network WAN access
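Review bot: The first added rule still lists "wan" in its iifname set, so packets arriving on the WAN interface are accepted toward lan, vb-*, server, vserver, infrastructure, multimedia, smart and wg_cloonar; the TODO directly above marks this as temporary, yet the commit carries it forward unchanged. The chain header and any conntrack rule are outside the hunk, so this is hedged, but if this is the forward chain and return traffic is already handled by an established/related rule, the source set can drop it: `iifname { "lan", "server", "vserver", "wg_cloonar" } oifname { ... } counter accept`. The second added rule also removes server and vserver as sources for wrwks, wg_epicenter and wg_ghetto_at; a comment above it such as `# wrwks, wg_epicenter, wg_ghetto_at: reachable from lan and wg_cloonar only` would record that this narrowing is intended.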