From bdc8239c195fe865c26b83a125233df0a7bd02ca Mon Sep 17 00:00:00 2001
From: nyanloutre <paul@nyanlout.re>
Date: Tue, 14 May 2024 22:24:36 +0200
Subject: [PATCH] revert a6ce24d547353e461327b4dd17f5a7a553501a50

revert fix firewall
---
 systems/LoutreOS/configuration.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index 5da49ec..9cabaec 100644
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@@ -107,6 +107,15 @@
         ];
       };
       extraCommands = ''
+        ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true
+        ip6tables -w -F loutreos-forward 2>/dev/null || true
+        ip6tables -w -X loutreos-forward 2>/dev/null || true
+        ip6tables -w -N loutreos-forward
+        ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
+        ip6tables -A loutreos-forward -j ACCEPT -i eno2
+        ip6tables -A loutreos-forward -j nixos-fw-log-refuse
+        ip6tables -w -A FORWARD -j loutreos-forward
+
         # Redirect local network request from server external IP to internal IP
         # Make the server available even without internet access
         iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true
@@ -130,7 +139,6 @@
       };
       dhcpPrefixDelegationConfig.SubnetId = "0";
     };
-    "40-eno1".linkConfig.RequiredForOnline = "no";
     "40-eno2" = {
       networkConfig = {
         IPv6SendRA = true;