From 26bafa406a0fe937213348dbdae47095b0e1b200 Mon Sep 17 00:00:00 2001
From: nik gaffney
Date: Tue, 23 Jan 2024 20:36:25 +0100
Subject: [PATCH] Put in earplugs
---
 config/framework13-system.org | 6 ++++--
 config/framework13-system.scm | 8 +++++---
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/config/framework13-system.org b/config/framework13-system.org
index cd11a2c..aaf049e 100644
--- a/config/framework13-system.org
+++ b/config/framework13-system.org
@@ -229,6 +229,8 @@ use dovecot for local IMAP
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
 -A INPUT -p udp -m udp --dport 5353 -j ACCEPT
+-A INPUT -p udp -m udp --dport 51820 -j ACCEPT
+-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
 -A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 137 -j ACCEPT
 -A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 138 -j ACCEPT
 -A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 139 -j ACCEPT
@@ -247,8 +249,8 @@ COMMIT
 -A INPUT -p udp -m udp --dport 5353 -j ACCEPT
 -A INPUT -p udp -m udp --dport 51820 -j ACCEPT
 -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
--A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 137 -j ACCEPT
--A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 138 -j ACCEPT
+-A INPUT -p udp -m udp -s fd24:609a:6c18::/64 --dport 137 -j ACCEPT
+-A INPUT -p udp -m udp -s fd24:609a:6c18::/64 --dport 138 -j ACCEPT
 -A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 139 -j ACCEPT
 -A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 445 -j ACCEPT
 -A INPUT -j REJECT --reject-with icmp6-port-unreachable
diff --git a/config/framework13-system.scm b/config/framework13-system.scm
index 330f3b3..b85bdf6 100644
--- a/config/framework13-system.scm
+++ b/config/framework13-system.scm
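Review bot: The new `-i wg0` rule in the hunk at -229,6 of config/framework13-system.org admits only ESTABLISHED,RELATED traffic from the tunnel, but the port 22, 993 and 5353 rules just above it have no interface match, so new connections from WireGuard peers to those services are accepted anyway. If the tunnel is meant to carry return traffic only, those rules need an interface restriction; if reaching ssh and IMAPS over the tunnel is intended, a comment would record that, e.g. `# wg0: ssh/imaps/mdns rules above also apply to tunnel peers`. The rules block begins and ends outside the hunk, so an earlier rule may already change this.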
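Review bot: In the hunk at -247,8 of config/framework13-system.org, only the UDP 137/138 rules get the IPv6 source; the two context lines for TCP 139 and 445 still carry `-s 192.168.0.0/16`, while the closing `--reject-with icmp6-port-unreachable` suggests this is the ip6tables ruleset. An IPv4 prefix is not a valid source there, so the restore will probably still fail on those lines, and a ruleset that fails to load may leave IPv6 input unfiltered. The same change looks needed on both: `-A INPUT -m state --state NEW -m tcp -p tcp -s fd24:609a:6c18::/64 --dport 139 -j ACCEPT` and the matching `--dport 445` line. The rules block starts above the hunk, and the tangled config/framework13-system.scm carries the same two lines.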
@@ -1,6 +1,6 @@ ;; -*- mode: scheme; coding: utf-8; -*- ;; -;; tangled from framework13-system.org on 2024-01-23 17:38:17+01:00) +;; tangled from framework13-system.org on 2024-01-23 20:36:10+01:00) (use-modules (gnu) (gnu packages) @@ -133,6 +133,8 @@ -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT -A INPUT -p udp -m udp --dport 5353 -j ACCEPT +-A INPUT -p udp -m udp --dport 51820 -j ACCEPT +-A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 137 -j ACCEPT -A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 138 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 139 -j ACCEPT @@ -151,8 +153,8 @@ COMMIT -A INPUT -p udp -m udp --dport 5353 -j ACCEPT -A INPUT -p udp -m udp --dport 51820 -j ACCEPT -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT --A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 137 -j ACCEPT --A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 138 -j ACCEPT +-A INPUT -p udp -m udp -s fd24:609a:6c18::/64 --dport 137 -j ACCEPT +-A INPUT -p udp -m udp -s fd24:609a:6c18::/64 --dport 138 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 139 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/16 --dport 445 -j ACCEPT -A INPUT -j REJECT --reject-with icmp6-port-unreachable