From 25f9674207eba88b55ce86c6fdca2af0cc2a7711 Mon Sep 17 00:00:00 2001
From: iFargle <albert@sysctl.io>
Date: Sun, 8 Oct 2023 11:04:06 +0900
Subject: [PATCH] test

---
 nixos/hosts/osaka-vultr-01/default.nix | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/nixos/hosts/osaka-vultr-01/default.nix b/nixos/hosts/osaka-vultr-01/default.nix
index 3597b6ac..a6a7ef0c 100644
--- a/nixos/hosts/osaka-vultr-01/default.nix
+++ b/nixos/hosts/osaka-vultr-01/default.nix
@@ -49,8 +49,16 @@
         listenPort = 51820;
         privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01";
 
-        postSetup    = ''${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE'';
-        postShutdown = ''${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE'';
+        postSetup    = ''
+          ${pkgs.iptables}/bin/iptables -A FORWARD -i %i -j ACCEPT
+          ${pkgs.iptables}/bin/iptables -A FORWARD -o %i -j ACCEPT
+          ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE
+          '';
+        postShutdown = ''
+          ${pkgs.iptables}/bin/iptables -D FORWARD -i %i -j ACCEPT
+          ${pkgs.iptables}/bin/iptables -D FORWARD -o %i -j ACCEPT
+          ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE
+          '';
         # Testing
         peers = [
           { # nixos-rpi4-03