From f605c9c843c5033e325931ed2dc3664e0cbcbf5d Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk <kj@orbekk.com>
Date: Mon, 8 Mar 2021 17:39:28 -0500
Subject: Disable jack audio on firelink

---
 modules/simple-firewall.nix | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'modules')

diff --git a/modules/simple-firewall.nix b/modules/simple-firewall.nix
index 2585a5d..f2b4405 100644
--- a/modules/simple-firewall.nix
+++ b/modules/simple-firewall.nix
@@ -24,6 +24,7 @@ in
   config = lib.mkIf cfg.enable {
     networking.firewall.enable = lib.mkForce false;
 
+    boot.blacklistedKernelModules = ["ip_tables"];
     networking.nftables.enable = true;
 
     networking.nftables.ruleset =
@@ -51,13 +52,13 @@ in
 
           ct state {established, related} accept
 
-          ip protocol icmp limit rate 4/second counter accept
-          ip6 nexthdr ipv6-icmp limit rate 4/second counter accept
+          ip protocol icmp limit rate 4/second counter name icmp-allowed accept
+          ip6 nexthdr ipv6-icmp limit rate 4/second counter name icmp6-allowed accept
 
-          tcp dport @allowed_tcp_ports counter accept
-          udp dport @allowed_udp_ports counter accept
+          tcp dport @allowed_tcp_ports counter name tcp-allowed accept
+          udp dport @allowed_udp_ports counter name udp-allowed accept
 
-          counter drop
+          counter name dropped drop
         }
 
         chain output {
-- 
cgit v1.2.3