From d6e0783dd3c72dc05f18bb72b5054fc68356f916 Mon Sep 17 00:00:00 2001
From: Mark Nipper
Date: Mon, 22 Sep 2025 18:25:59 -0700
Subject: Add VPN firewall rule @arrakis
---
 hosts/arrakis/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'hosts')
diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix
index 6ca2eff..392468c 100644
--- a/hosts/arrakis/default.nix
+++ b/hosts/arrakis/default.nix
@@ -68,7 +68,8 @@
 # allow any traffic out through VPN
 oifname wg1 accept
- # drop everything else
+ # drop everything else
+ tcp flags & (fin | syn | rst | ack) == syn log prefix "refused connection: " level info
 counter drop
 }
-- cgit v1.2.3
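Review bot: The added `log` rule has no rate limit, so every unmatched TCP SYN that reaches the end of this chain writes a kernel log line; a port scan or SYN flood can then fill the journal and bury the entries this rule is meant to surface. Putting a limit in front of the log statement keeps the signal, e.g. `tcp flags & (fin | syn | rst | ack) == syn limit rate 10/minute burst 5 packets log prefix "refused connection: " level info` (rate constructed for illustration); packets over the limit still fall through to the drop. The rule carries no verdict of its own and appears to rely on the following `counter drop` line, so the comment above it would read better as `# log new TCP connection attempts, then drop everything else`. The chain's header and hook lie outside the hunk, so which traffic direction this covers cannot be confirmed from here.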