modules/clerie-firewall: enable connection tracking

2023-02-03 00:49:56 +01:00 · 2023-02-03 00:49:56 +01:00 · 7f84597b56
parent f05567cbce
commit 7f84597b56
1 changed files with 3 additions and 0 deletions
--- a/modules/clerie-firewall/default.nix
+++ b/modules/clerie-firewall/default.nix
@ -24,6 +24,9 @@ let

    ip46tables -N forward-filter

+    # Allow packets from existing connections
+    ip46tables -A forward-filter -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
    ${cfg.extraForwardFilterCommands}

    ip46tables -A FORWARD -j forward-filter