From 899cc36c8bfff4ac7ed220b7da288cd054043087 Mon Sep 17 00:00:00 2001
From: asonix
Date: Wed, 3 Jul 2024 23:09:14 -0500
Subject: [PATCH] Reject forwarding traffic

---
 modules/router/default.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/router/default.nix b/modules/router/default.nix
index d6f2633..cbcd846 100644
--- a/modules/router/default.nix
+++ b/modules/router/default.nix
@@ -187,7 +187,7 @@ in
 table inet filter {
 set hosted_services_tcp {
 type inet_service; flags interval;
- elements = { 22, 80, 443, $DRAWPILE_TCP_PORT }
+ elements = { 22, $FORGEJO_SSH_PORT, 80, 443, $DRAWPILE_TCP_PORT }
 }

 set internal_access_tcp {
@@ -264,6 +264,8 @@ in
 $DEVICES : jump devices_out,
 $WIFI : jump wifi_out
 }
+
+ jump reject_politely
 }

 chain input {
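Review bot: The new `elements` line of `hosted_services_tcp` (first hunk) admits `$FORGEJO_SSH_PORT`, which the subject "Reject forwarding traffic" does not mention, so a newly reachable service is easy to miss when auditing the firewall history. Where this set is matched is outside the hunk, but if it gates traffic arriving on the uplink, port 22 stays open beside the new port, and it is worth confirming that both SSH listeners are meant to be exposed. I would note the port change in the commit message and add a comment above the line, for example `# 22: presumably host sshd; $FORGEJO_SSH_PORT: Forgejo's SSH listener`. The definition of `$FORGEJO_SSH_PORT` is not visible in this patch and has to exist before the ruleset is loaded.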
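Review bot: The added `jump reject_politely` (second hunk) only closes this chain if `reject_politely` issues a verdict for every packet, because `jump` returns to the caller otherwise and the packet then falls to the chain's policy. The chain header and its policy are outside the hunk, so please confirm the policy is `drop` and that any established/related accept sits above the vmap. If `reject_politely` answers regardless of ingress interface, forwarded packets from the uplink also get a reply; rejecting only for internal interfaces and dropping silently on the uplink is the more conservative choice. A comment such as `# catch-all: anything the per-interface chains did not accept is rejected` above the new rule would record the intent.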