From b89ba32f4c12593c2a3d97c0757c59fb8e1995d3 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann <hi@kunsmann.eu>
Date: Sun, 25 Feb 2024 20:55:53 +0100
Subject: [PATCH] home.router: allow forwarding for new vlan

---
 nodes/home/router.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nodes/home/router.py b/nodes/home/router.py
index d54d230..708737e 100644
--- a/nodes/home/router.py
+++ b/nodes/home/router.py
@@ -86,6 +86,8 @@ nodes['home.router'] = {
             'forward': {
                 '50-router': [
                     'ct state { related, established } accept',
+                    'iifname enp1s0.1138 accept',
+                    'iifname enp1s0.2000 accept',
                     'ip6 nexthdr ipv6-icmp accept',
                     'tcp dport 22 accept',
                 ],
@@ -139,7 +141,6 @@ nodes['home.router'] = {
                 'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),
             },
             'nftables-rules.d': {
-                'inet filter forward iifname enp1s0.1138 accept',
                 'inet filter forward iifname enp1s0.1139 oifname $INTERFACE accept',
             },
         },