many changes

hosts/fw.cloonar.com/modules/firewall.nix

@@ -72,6 +72,9 @@
               # enable flow offloading for better throughput
               # ip protocol { tcp, udp } flow offload @f
 
+              # broadcast
+              iifname "server" oifname { "lan", "multimedia" } udp dport { 9 } counter accept comment "wakeonlan"
+
               # multimedia airplay
               iifname "multimedia" oifname { "lan" } counter accept
               iifname "multimedia" oifname "server" tcp dport { 1704, 1705 } counter accept
@@ -89,9 +92,9 @@
 
               # lan and vpn to any
               # TODO: disable wan when finished
-              iifname { "lan", "server", "vserver", "wg_cloonar" } oifname { "lan", "vb-*", "vm-*", "server", "vserver", "infrastructure", "multimedia", "smart", "wg_cloonar" } counter accept
+              iifname { "lan", "server", "vserver", "wg_cloonar" } oifname { "lan", "vb-*", "vm-*", "server", "vserver", "infrastructure", "multimedia", "smart", "wg_cloonar" } counter log prefix "basic forward allow rule" accept
               iifname { "lan", "server", "wg_cloonar" } oifname { "wrwks", "wg_epicenter", "wg_ghetto_at" } counter accept
-              iifname { "infrastructure" } oifname { "server", "vserver" } log prefix "Infrastructure connection: " accept
+              iifname { "infrastructure" } oifname { "server", "vserver" } counter accept
               iifname { "lan", "wan" } udp dport { 8211, 27015 } counter accept comment "palworld"
 
               # accept palword server
@@ -132,6 +135,7 @@
           content = ''
             chain prerouting {
               type nat hook prerouting priority filter; policy accept;
+              iifname "server" ip daddr 10.42.96.255 udp dport { 9 } dnat to 10.42.96.255
               iifname "wan" tcp dport { 22 } dnat to 10.42.97.50
               iifname "wan" tcp dport { 80, 443 } dnat to 10.42.97.5
               iifname "wan" tcp dport { 5000 } dnat to 10.42.97.51