From 22b47669f35157915b40f5933345bf53bab78ee9 Mon Sep 17 00:00:00 2001
From: nik gaffney
Date: Wed, 24 Jan 2024 15:52:06 +0100
Subject: [PATCH] Put in earplugs
---
 config/framework13-system.org | 5 +++++
 config/framework13-system.scm | 6 +++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/config/framework13-system.org b/config/framework13-system.org
index bb5aaf5..194980a 100644
--- a/config/framework13-system.org
+++ b/config/framework13-system.org
@@ -241,6 +241,8 @@ wireguard
 #+BEGIN_SRC scheme
 -A INPUT -p udp -m udp --dport 51820 -j ACCEPT
 -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A FORWARD -i wg0 -j ACCEPT
+-A POSTROUTING -o wlp1s0 -j MASQUERADE
 #+end_src
 #+BEGIN_SRC scheme
@@ -265,9 +267,12 @@ SMB
 -A INPUT -m state --state NEW -m tcp -p tcp -s fd24:609a:6c18::/64 --dport 445 -j ACCEPT
 #+end_src
 wireguard
+
 #+BEGIN_SRC scheme
 -A INPUT -p udp -m udp --dport 51820 -j ACCEPT
 -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A FORWARD -i wg0 -j ACCEPT
+-A POSTROUTING -o wlp1s0 -j MASQUERADE
 #+end_src
 #+BEGIN_SRC scheme
diff --git a/config/framework13-system.scm b/config/framework13-system.scm
index 54451a5..5bce30f 100644
--- a/config/framework13-system.scm
+++ b/config/framework13-system.scm
@@ -1,6 +1,6 @@
 ;; -*- mode: scheme; coding: utf-8; -*-
 ;;
-;; tangled from framework13-system.org on 2024-01-24 15:26:24+01:00)
+;; tangled from framework13-system.org on 2024-01-24 15:51:00+01:00)
 (use-modules (gnu) (gnu packages)
@@ -141,6 +141,8 @@
 -A INPUT -p udp -m udp --dport 51820 -j ACCEPT
 -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A FORWARD -i wg0 -j ACCEPT
+-A POSTROUTING -o wlp1s0 -j MASQUERADE
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -m conntrack --ctstate INVALID -j DROP
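Review bot: The added `-A POSTROUTING -o wlp1s0 -j MASQUERADE` in the first framework13-system.org hunk (@@ -241) sits in the same rule block as the `-A INPUT` and `-A FORWARD` lines, which looks like the filter table, although the table header is outside the hunk. The POSTROUTING chain does not exist in the filter table and MASQUERADE is only valid in nat, so if this block is loaded under `*filter` the restore would probably reject the ruleset, and depending on how the service handles that failure the host may end up without its intended firewall. In that case the rule belongs in its own section: `*nat`, `-A POSTROUTING -o wlp1s0 -j MASQUERADE`, `COMMIT`. The same line is added in the second hunk of this file (@@ -265) and in both tangled blocks of framework13-system.scm (@@ -141 and @@ -162).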
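Review bot: `-A FORWARD -i wg0 -j ACCEPT` in the second framework13-system.org hunk (@@ -265) forwards every packet from any WireGuard peer to any destination, with no outbound-interface, state or destination match. The block appears to be the IPv6 ruleset (the neighbouring SMB rule matches an fd24: source), so peers would also be routed and masqueraded over IPv6; it is worth confirming that is intended. Tying the rule to the egress interface keeps peers off other attached networks, `-A FORWARD -i wg0 -o wlp1s0 -j ACCEPT`, and if the FORWARD policy is DROP (not visible here) replies need `-A FORWARD -o wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT`. The same unrestricted rule is added in the first hunk (@@ -241). A sentence in the org text noting that this host now routes for its peers, and that kernel forwarding must be enabled, would document the change of role.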
@@ -162,6 +164,8 @@ COMMIT
 -A INPUT -p udp -m udp --dport 51820 -j ACCEPT
 -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A FORWARD -i wg0 -j ACCEPT
+-A POSTROUTING -o wlp1s0 -j MASQUERADE
 -A INPUT -j REJECT --reject-with icmp6-port-unreachable
 -A INPUT -m conntrack --ctstate INVALID -j DROP