From 0ff90d54a93684a971a4ed707b503e39258b1dfd Mon Sep 17 00:00:00 2001
From: Egor Savkin
Date: Thu, 10 Oct 2024 12:37:15 +0800
Subject: [PATCH] Stop rejecting packages from the tunnel Appears that firewall rejects packages before they are getting unwrapped by GRE
Signed-off-by: Egor Savkin
---
 nixbld-etc-nixos/configuration.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index 07f6d33..cbf19bb 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -92,8 +92,11 @@ in
 firewall = {
 allowedTCPPorts = [ 53 80 443 2222 7402 ];
 allowedUDPPorts = [ 53 67 500 4500 ];
- trustedInterfaces = [ netifLan netifUSA ];
+ trustedInterfaces = [ netifLan ];
 logRefusedConnections = false;
+ extraCommands = ''
+ iptables -A INPUT -s 5.78.86.156 -j ACCEPT
+ '';
 };
 useDHCP = false;
 interfaces."${netifWan}".useDHCP = true; # PCCW - always wants active DHCP lease or cuts you off
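Review bot: The added `iptables -A INPUT -s 5.78.86.156 -j ACCEPT` in `extraCommands` matches on source address alone, so any protocol and port arriving on any interface with that source bypasses the port allow-list, while the commit message says only the GRE outer packets needed to pass. A rule scoped to the encapsulation would be narrower, e.g. `iptables -A nixos-fw -p gre -s 5.78.86.156 -j nixos-fw-accept` (plus `-i ${netifWan}` if the tunnel arrives on that uplink), with a comment naming what the address is, presumably the tunnel's remote endpoint. Appending to `INPUT` rather than the module's own `nixos-fw` chain also looks like it would leave the rule behind and add a duplicate on each firewall reload, since no matching `extraStopCommands` deletes it; worth confirming on the host. The surrounding networking block begins and ends outside the hunk.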