From bdca64969796ae1bcab528414e49c642acc2b7c9 Mon Sep 17 00:00:00 2001
From: Dominik Polakovics <dominik.polakovics@cloonar.com>
Date: Sat, 9 Dec 2023 18:08:35 +0100
Subject: [PATCH] allow acces to web proxy

---
 hosts/fw.cloonar.com/modules/firewall.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix
index 1a08e0d..faebaa3 100644
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -141,9 +141,13 @@
               "smart",
               "podman*",
               "multimedia"
-            } udp dport { 53, 67, 68 } counter accept
+            } udp dport { 67, 68 } counter accept
 
-            udp dport { 53 } counter accept
+            # Allow networks to access web proxy
+            iifname {
+              "lan",
+              "wg_cloonar",
+            } tcp dport { 80, 443 } counter accept
 
             # Accept mDNS for avahi reflection
             # iifname "multimedia" ip saddr <chromecast IP> tcp dport { llmnr } counter accept