firewall changes

2023-12-07 09:09:31 +01:00
parent 83a2a9cd46
commit 71191632d4
2 changed files with 5 additions and 15 deletions
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -139,6 +139,7 @@
              "infrastructure",
              "wg_cloonar",
              "smart",
+              "podman*",
              "multimedia"
            } udp dport { 53, 67, 68 } counter accept

@@ -148,6 +149,9 @@
            # iifname "multimedia" ip saddr <chromecast IP> tcp dport { llmnr } counter accept
            # iifname "multimedia" ip saddr <chromecast IP> udp dport { mdns, llmnr } counter accept

+            # Allow all returning traffic
+            ct state { established, related } counter accept
+

            # Allow returning traffic from wg_cloonar and drop everthing else
            iifname "wg_cloonar" ct state { established, related } counter accept
@@ -204,7 +208,7 @@
              "multimedia",
              "smart",
              "wg_cloonar",
-              "podman1",
+              "podman*",
            } oifname {
              "wan",
            } counter accept comment "Allow trusted LAN to WAN"