From 8fedaf18cd32538c33e6913657fe86ddcfbf1505 Mon Sep 17 00:00:00 2001
From: soraefir
Date: Fri, 8 May 2026 02:20:28 +0200
Subject: [PATCH] firewall?
---
 modules/nixos/system/network/base/default.nix | 1 +
 modules/server/nftables/default.nix | 6 ------
 2 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/modules/nixos/system/network/base/default.nix b/modules/nixos/system/network/base/default.nix
index 5db4226..d0137e9 100644
--- a/modules/nixos/system/network/base/default.nix
+++ b/modules/nixos/system/network/base/default.nix
@@ -13,6 +13,7 @@
 allowedTCPPorts = (if (config.syscfg.server != false && config.syscfg.server.web) then [ 80 443 22 ] else [ ]) ++
+ (if (config.syscfg.server != false) then [ 5432 6379 ] else [ ]) ++
 [ ];
 };
 };
diff --git a/modules/server/nftables/default.nix b/modules/server/nftables/default.nix
index 5cb4cb2..a69d8aa 100644
--- a/modules/server/nftables/default.nix
+++ b/modules/server/nftables/default.nix
@@ -28,12 +28,6 @@ in{
 ${if cfg.wireguard then ''tcp dport {1515} accept'' else ""}
 ${if cfg.wireguard then ''udp dport {1515} accept'' else ""}
 }
- chain forward {
- type filter hook forward priority filter; policy drop;
- ct state established,related accept
- iifname { "podman*", "veth*" } accept
- oifname { "podman*", "veth*" } accept
- }
 }
 ${if cfg.nftables.enable then ''
 table inet nat {
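Review bot: The added term `(if (config.syscfg.server != false) then [ 5432 6379 ] else [ ])` opens the PostgreSQL and Redis default ports on every interface of every server host, while the line above gates 80/443/22 on the narrower `config.syscfg.server.web` flag; nothing in the condition distinguishes a host that actually runs those services from any other server. If the databases are meant to be reached only from local containers or the wireguard side, scope the ports to that interface via `networking.firewall.interfaces.<iface>.allowedTCPPorts` or key them on a per-service flag the way the web ports are, and record the services in a comment such as `# 5432 postgres, 6379 redis — only expected from <trusted interface>`. The subject line "firewall?" reads as if the intended exposure is still undecided, which is worth settling before this lands. The enclosing attribute set starts before the hunk.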
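Review bot: Deleting the whole `chain forward` removes the only forward-hook chain visible in this table, so forwarded packets are no longer subject to a `policy drop` here and fall through to whatever other forward chains exist (the kernel default when none is present is to accept); traffic between `podman*`/`veth*` and any other interface is then forwarded unfiltered unless another table handles it. If the drop policy was breaking container traffic, the narrower change is to keep the chain and adjust its accept rules, or, if the host uses the NixOS nftables-based firewall, to enable forward filtering through `networking.firewall.filterForward` rather than dropping the chain outright. Whichever is intended, a comment at the deletion point such as `# forward filtering: <where it is now handled>` would record why this table no longer carries a forward chain. The nftables ruleset string begins and ends outside this hunk.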