From 63d5ff273b29c8c9643b57da0ded55180da0d8da Mon Sep 17 00:00:00 2001
From: asonix
Date: Sat, 6 Jul 2024 14:08:58 -0500
Subject: [PATCH] Always allow inbound wireguard
---
 modules/router/default.nix | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/modules/router/default.nix b/modules/router/default.nix
index c35333b..942c4c8 100644
--- a/modules/router/default.nix
+++ b/modules/router/default.nix
@@ -226,11 +226,6 @@ in
 elements = { 22, 3128 }
 }
- set internal_access_udp {
- type inet_service; flags interval;
- elements = { 51820 }
- }
-
 set network_required_udp {
 type inet_service; flags interval;
 elements = { 53, 67, 68, 546, 547 }
@@ -331,13 +326,7 @@ in
 $WAN : jump rate_limit
 }
- udp dport @internal_access_udp ct state new iifname vmap {
- $BRIDGE : accept,
- $WG0 : accept,
- $DEVICES : jump reject_politely,
- $WIFI : jump rate_limit,
- $WAN : jump rate_limit
- }
+ udp dport 51820 ct state new accept comment "Allow wireguard"
 udp dport @network_required_udp ct state new accept comment "Allow internal network required stuff"
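Review bot: The added rule `udp dport 51820 ct state new accept comment "Allow wireguard"` in the second hunk has no `iifname` match, so new flows from `$WAN` and `$WIFI` no longer pass through `rate_limit` and `$DEVICES` is no longer sent to `reject_politely`. If the intent is only to make the port reachable from every interface, keeping the vmap and changing the single entry to `$DEVICES : accept,` (or `$DEVICES : jump rate_limit,`) would open the port without dropping the throttle on untrusted interfaces. The enclosing chain begins outside the hunk, so it is worth confirming this sits on the input path; on a forwarding path the same rule would admit new UDP 51820 flows to any host behind the router. The port is also now a bare literal in the rule, so a short comment or a value derived from the WireGuard listen-port setting, if the module has one, would keep the rule and the tunnel configuration from drifting apart.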