From 4c1f9f0e78897ce8357f9596ff6856f2946e4bcb Mon Sep 17 00:00:00 2001
From: soraefir
Date: Fri, 8 May 2026 02:17:10 +0200
Subject: [PATCH] nft
---
 modules/server/nftables/default.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/modules/server/nftables/default.nix b/modules/server/nftables/default.nix
index 7fcbb46..5cb4cb2 100644
--- a/modules/server/nftables/default.nix
+++ b/modules/server/nftables/default.nix
@@ -27,8 +27,12 @@ in{
 ${if cfg.web then ''udp dport {80, 443} accept'' else ""}
 ${if cfg.wireguard then ''tcp dport {1515} accept'' else ""}
 ${if cfg.wireguard then ''udp dport {1515} accept'' else ""}
-
-
+ }
+ chain forward {
+ type filter hook forward priority filter; policy drop;
+ ct state established,related accept
+ iifname { "podman*", "veth*" } accept
+ oifname { "podman*", "veth*" } accept
 }
 }
 ${if cfg.nftables.enable then ''
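Review bot: The `oifname { "podman*", "veth*" } accept` rule in the new forward chain accepts every new forwarded connection headed to a container interface, whatever interface it arrived on, so `policy drop` no longer shields containers from traffic routed in from outside. Replies are already covered by `ct state established,related accept`, so this rule is only needed for published ports; limiting it to translated traffic, for example `oifname { "podman*", "veth*" } ct status dnat accept`, would keep those working without admitting the rest. The chain is also emitted unconditionally, unlike the `cfg.web` and `cfg.wireguard` rules above it, and `veth*` matches any veth pair rather than only podman's, so gating it behind a module option and adding a short comment on why each rule exists would help. The enclosing table and the chain closed by the first added `}` start outside the hunk, so any constraint applied elsewhere is not visible here.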