From 222d538de66f63413f3753eae55c509f4096fe4b Mon Sep 17 00:00:00 2001
From: clerie
Date: Sun, 1 Aug 2021 14:50:31 +0200
Subject: [PATCH] Block IP4 traffic from and to guest network
---
 hosts/carbon/configuration.nix | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/hosts/carbon/configuration.nix b/hosts/carbon/configuration.nix
index 27d7041..e36b1c3 100644
--- a/hosts/carbon/configuration.nix
+++ b/hosts/carbon/configuration.nix
@@ -115,6 +115,13 @@
 networking.firewall.allowedUDPPorts = [ 60001 ];
+ networking.firewwall.extraCommands = [
+ "iptables -A FORWARD -i enp1s0.202 -o enp1s0.102 -j ACCEPT"
+ "iptables -A FORWARD -i enp1s0.202 -j DROP"
+ "iptables -A FORWARD -i enp1s0.102 -o enp1s0.202 -j ACCEPT"
+ "iptables -A FORWARD -o enp1s0.202 -j DROP"
+ ];
+
 # Routing tables
 # Table: 10000
 # - primary routes
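Review bot: The added option is spelled `networking.firewwall.extraCommands` (double "w"), so these FORWARD rules never reach the firewall module and NixOS should reject the unknown option at evaluation time. Once the name is fixed, `networking.firewall.extraCommands` takes a single multi-line string of shell commands rather than a list of strings, so the value needs to become a `'' … ''` block. The rules use `-A FORWARD`, and as far as I can tell the module only manages its own chains, so I would pair them with matching `-D … || true` lines in `networking.firewall.extraStopCommands` to keep a firewall reload from stacking duplicates. These are `iptables` rules only, which matches the commit title, but if the guest VLAN also forwards IPv6 the same isolation is missing on the `ip6tables` side.

```nix
networking.firewall.extraCommands = ''
  iptables -A FORWARD -i enp1s0.202 -o enp1s0.102 -j ACCEPT
  iptables -A FORWARD -i enp1s0.202 -j DROP
  iptables -A FORWARD -i enp1s0.102 -o enp1s0.202 -j ACCEPT
  iptables -A FORWARD -o enp1s0.202 -j DROP
'';

# Delete the same rules on stop/reload so -A does not append duplicates.
networking.firewall.extraStopCommands = ''
  iptables -D FORWARD -i enp1s0.202 -o enp1s0.102 -j ACCEPT || true
  iptables -D FORWARD -i enp1s0.202 -j DROP || true
  iptables -D FORWARD -i enp1s0.102 -o enp1s0.202 -j ACCEPT || true
  iptables -D FORWARD -o enp1s0.202 -j DROP || true
'';
```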