From c5596f9a04faba745dbe9ed81987f3e11c140663 Mon Sep 17 00:00:00 2001
From: nyanloutre <paul@nyanlout.re>
Date: Tue, 14 May 2024 22:54:04 +0200
Subject: [PATCH] revert a6ce24d547353e461327b4dd17f5a7a553501a50 (#3)

revert fix firewall

Reviewed-on: https://gitea.nyanlout.re/nyanloutre/nixos-config/pulls/3
---
 systems/LoutreOS/configuration.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index 5da49ec..a6e4dca 100644
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@@ -107,11 +107,25 @@
         ];
       };
       extraCommands = ''
+        ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true
+        ip6tables -w -F loutreos-forward 2>/dev/null || true
+        ip6tables -w -X loutreos-forward 2>/dev/null || true
+        ip6tables -w -N loutreos-forward
+        ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
+        ip6tables -A loutreos-forward -j ACCEPT -i eno2
+        ip6tables -A loutreos-forward -j nixos-fw-log-refuse
+        ip6tables -w -A FORWARD -j loutreos-forward
+
         # Redirect local network request from server external IP to internal IP
         # Make the server available even without internet access
         iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true
         iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1
       '';
+      # remove refs to nixos-fw-log-refuse before restarting firewall
+      # prevents "ressource busy" errors
+      extraStopCommands = ''
+        ip6tables -D loutreos-forward -j nixos-fw-log-refuse 2>/dev/null || true
+      '';
     };
   };