wip firewall

2025-08-06 16:02:59 -05:00 · 2025-08-06 16:02:59 -05:00 · 618ab4f500
commit 618ab4f500
parent 23a7c9c59e
1 changed files with 2 additions and 3 deletions
--- a/hosts/h003/networking.nix
+++ b/hosts/h003/networking.nix
@ -109,9 +109,8 @@
        
        # --- Inter-VLAN Security ---
        # Block any NEW connection attempts between LAN and Management
-        # Log prefix helps with debugging in `dmesg` or `journalctl -k`
-        iifname "vlan20" oifname "bond0" log-prefix "DROP LAN->MGMT: " drop
-        iifname "bond0" oifname "vlan20" log-prefix "DROP MGMT->LAN: " drop
+        iifname "vlan20" oifname "bond0" drop
+        iifname "bond0" oifname "vlan20" drop

        # Explicitly allow LAN and Management to go to the WAN
        oifname "vlan10" accept