From 618ab4f50071a2b1f50f3184897c6241def3bcf5 Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Joshua Bell)"
Date: Wed, 6 Aug 2025 16:02:59 -0500
Subject: [PATCH] wip firewall
---
 hosts/h003/networking.nix | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/hosts/h003/networking.nix b/hosts/h003/networking.nix
index a71ef4a..17b92ad 100644
--- a/hosts/h003/networking.nix
+++ b/hosts/h003/networking.nix
@@ -109,9 +109,8 @@
 # --- Inter-VLAN Security ---
 # Block any NEW connection attempts between LAN and Management
- # Log prefix helps with debugging in `dmesg` or `journalctl -k`
- iifname "vlan20" oifname "bond0" log-prefix "DROP LAN->MGMT: " drop
- iifname "bond0" oifname "vlan20" log-prefix "DROP MGMT->LAN: " drop
+ iifname "vlan20" oifname "bond0" drop
+ iifname "bond0" oifname "vlan20" drop
 # Explicitly allow LAN and Management to go to the WAN
 oifname "vlan10" accept
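Review bot: Removing the log statement from both inter-VLAN drop rules takes away the only record of blocked LAN<->management traffic, which is the signal an operator uses to notice lateral-movement attempts or a misconfigured host; the rules still drop, but now silently. If the removal was because `log-prefix` does not parse, nftables writes it as a separate statement, so a rate-limited form such as `iifname "vlan20" oifname "bond0" limit rate 5/minute log prefix "DROP LAN->MGMT: " drop` (and the mirror rule for bond0 -> vlan20) keeps the detection value without flooding the kernel log. The comment above says NEW connection attempts, but neither rule matches `ct state new`, so whether only new flows reach these lines depends on an earlier established/related accept that is outside this hunk; either state that in the comment or add the match so the rule and its comment agree. The enclosing chain starts and ends outside the hunk.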