From 9572063e04bffcb8d6fafcf39893064790dbe3f4 Mon Sep 17 00:00:00 2001
From: Crony Akatsuki
Date: Wed, 29 Jan 2025 22:32:03 +0100
Subject: [PATCH] Allow wireguard traffic.

---
 hosts/nixos/configuration.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/hosts/nixos/configuration.nix b/hosts/nixos/configuration.nix
index a26f02d..a34d85f 100644
--- a/hosts/nixos/configuration.nix
+++ b/hosts/nixos/configuration.nix
@@ -94,6 +94,21 @@
 fsType = "nfs";
 };

+ # Allow for wireguard traffic
+ networking.firewall = {
+ # if packets are still dropped, they will show up in dmesg
+ logReversePathDrops = true;
+ # wireguard trips rpfilter up
+ extraCommands = ''
+ ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
+ ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
+ '';
+ extraStopCommands = ''
+ ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
+ ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
+ '';
+ };
+
 # DO NOT CHANGE
 system.stateVersion = "24.11";
 }
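Review bot: The `--sport 51820` and `--dport 51820` rules in `extraCommands` return from `nixos-fw-rpfilter` for every UDP datagram carrying that port number, on all interfaces and for both IPv4 and IPv6, and the source port is whatever the sender puts in the header, so the exemption is not limited to the WireGuard peer. Those packets still have to pass the filter-table rules, but the anti-spoofing check no longer applies to them. Consider narrowing the match to the interface the tunnel endpoint is reached over, e.g. `-i <uplink-iface> -p udp -m udp --sport 51820 -j RETURN`, or replacing the hand-written rules with `checkReversePath = "loose";` if that is enough for this setup. The comment `# wireguard trips rpfilter up` could also record that scope, for example `# exempt only the WireGuard endpoint port from strict rpfilter`. The rest of the module lies outside the hunk, so whether `networking.firewall` is also set elsewhere in this file cannot be checked from here.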