From ff7006318cd00a9b059927edd10e772c7e854dd2 Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk
Date: Mon, 8 Mar 2021 19:57:51 -0500
Subject: mullvad setup
---
 modules/simple-firewall.nix | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
(limited to 'modules/simple-firewall.nix')
diff --git a/modules/simple-firewall.nix b/modules/simple-firewall.nix
index f2b4405..7a3ad3e 100644
--- a/modules/simple-firewall.nix
+++ b/modules/simple-firewall.nix
@@ -23,8 +23,6 @@ in
 config = lib.mkIf cfg.enable {
 networking.firewall.enable = lib.mkForce false;
-
- boot.blacklistedKernelModules = ["ip_tables"];
 networking.nftables.enable = true;
 networking.nftables.ruleset =
@@ -52,13 +50,13 @@ in
 ct state {established, related} accept
- ip protocol icmp limit rate 4/second counter name icmp-allowed accept
- ip6 nexthdr ipv6-icmp limit rate 4/second counter name icmp6-allowed accept
+ ip protocol icmp limit rate 4/second counter accept
+ ip6 nexthdr ipv6-icmp limit rate 4/second counter accept
- tcp dport @allowed_tcp_ports counter name tcp-allowed accept
- udp dport @allowed_udp_ports counter name udp-allowed accept
+ tcp dport @allowed_tcp_ports counter accept
+ udp dport @allowed_udp_ports counter accept
- counter name dropped drop
+ counter drop
 }
 chain output {
-- 
cgit v1.2.3
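Review bot: The rewritten `ip6 nexthdr ipv6-icmp limit rate 4/second counter accept` rule still puts all ICMPv6, neighbour discovery included, under the 4/second limit, so anything above the limit falls through to the final `counter drop`. A burst of ICMPv6 can then starve neighbour and router advertisements and interrupt IPv6 connectivity on the host. Consider accepting ND ahead of the limited rule, `icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept`, and matching the rest with `meta l4proto ipv6-icmp`, since `ip6 nexthdr` only inspects the first next-header field and does not match packets that carry extension headers. With the named counters gone, per-rule counts are visible only by listing the ruleset, and any `counter` object declarations elsewhere in the table (not visible in this hunk) would now be unused. The chain begins above the hunk, so its hook and policy cannot be checked from here.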