From 7f84597b56948f94fbb6b9179817ecd1514cd490 Mon Sep 17 00:00:00 2001
From: clerie
Date: Fri, 3 Feb 2023 00:49:56 +0100
Subject: [PATCH] modules/clerie-firewall: enable connection tracking
---
 modules/clerie-firewall/default.nix | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/modules/clerie-firewall/default.nix b/modules/clerie-firewall/default.nix
index 863ab46..d27020e 100644
--- a/modules/clerie-firewall/default.nix
+++ b/modules/clerie-firewall/default.nix
@@ -24,6 +24,9 @@ let
 ip46tables -N forward-filter
+ # Allow packets from existing connections
+ ip46tables -A forward-filter -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
 ${cfg.extraForwardFilterCommands}
 ip46tables -A FORWARD -j forward-filter
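Review bot: The new ESTABLISHED,RELATED accept is appended to forward-filter ahead of `${cfg.extraForwardFilterCommands}`, so a DROP or REJECT rule that a host config adds there is never evaluated for packets of a flow already in the conntrack table. The same holds for anything conntrack classifies as RELATED, including helper-derived flows and ICMP errors. A block rule added later therefore does not cut connections that are already open, which is easy to miss when reading only the host's extra commands. The ordering is usually what is wanted, but the added comment should say so, for example `# Evaluated before extraForwardFilterCommands: rules added there only see packets that are not ESTABLISHED or RELATED`. The option declaration and the rest of the script are outside this hunk, so whether the chain ends in a default drop cannot be confirmed from here.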