From 02952de4eec3b65d2612925e1ce168ed2dc5db45 Mon Sep 17 00:00:00 2001
From: Mark Nipper
Date: Mon, 22 Sep 2025 18:54:51 -0700
Subject: Add VPN firewall rule and enable all namespace firewall logging @arrakis

---
 hosts/arrakis/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'hosts')

diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix
index 392468c..c5b1f89 100644
--- a/hosts/arrakis/default.nix
+++ b/hosts/arrakis/default.nix
@@ -4,6 +4,7 @@
 kernel.sysctl = {
 "kernel.hostname" = "arrakis.bitgnome.net";
 "net.ipv4.ip_forward" = 1;
+ "net.netfilter.nf_log_all_netns" = 1;
 #"net.ipv4.conf.all.proxy_arp" = 1;
 };
 kernelPackages = pkgs.linuxPackages_6_16;
@@ -63,7 +64,7 @@
 oifname veth.vpn skuid nipsy tcp sport 8080 accept # qBittorrent
 oifname veth.vpn skuid nipsy tcp sport 9696 accept # Prowlarr
 oifname veth.vpn skuid nipsy ip daddr 192.168.1.2 tcp dport { 7878, 8686, 8787, 8989 } accept # Prowlarr to { Radarr, Lidarr, Readarr, Sonarr }
- oifname veth.vpn skuid nipsy ip daddr 192.168.1.3 tcp dport 8080 accept # Prowlarr to qBittorrent
+ oif lo skuid nipsy ip daddr 192.168.1.3 tcp dport 8080 accept # Prowlarr to qBittorrent
 
 # allow any traffic out through VPN
 oifname wg1 accept
--
cgit v1.2.3
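Review bot: `net.netfilter.nf_log_all_netns` is a host-wide switch, so once the added sysctl line is set the nft `log` statements of every network namespace on this machine land in the host kernel log, not only those of the VPN namespace the veth.vpn rules in the second hunk suggest; any process that can install log rules inside its own namespace can then fill the host log. A comment stating which namespace's logging is wanted would make the intent clear, e.g. `"net.netfilter.nf_log_all_netns" = 1; # surface nft log entries from non-init netns (VPN namespace) in the host kernel log`, and the log rules in those namespaces should carry a `limit rate` so a burst cannot drown the host journal. The kernel.sysctl attribute set is complete within the hunk.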
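Review bot: The rewritten rule uses `oif lo` while every neighbouring rule in the hunk uses `oifname`; `oif` matches by interface index and `oifname` by name, which for `lo` behaves the same but reads as an inconsistency, so `oifname lo skuid nipsy ip daddr 192.168.1.3 tcp dport 8080 accept # Prowlarr to qBittorrent` would keep the chain uniform. The change also replaces rather than adds: Prowlarr traffic to 192.168.1.3:8080 leaving through veth.vpn is no longer accepted, presumably because that address is now reached locally, yet the commit subject says "Add VPN firewall rule", so a short comment recording why the path moved to lo would help the next reader. The enclosing nftables ruleset starts and ends outside the hunk.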