From 9d2409a60c76198c95f13f5164dd59d579df7472 Mon Sep 17 00:00:00 2001
From: albert <albert@sysctl.io>
Date: Sun, 9 Mar 2025 15:30:03 -0700
Subject: [PATCH] Update

---
 nixos/hosts/frankfurt-linode-01/firewall.nix | 25 ++++++++------------
 1 file changed, 10 insertions(+), 15 deletions(-)

diff --git a/nixos/hosts/frankfurt-linode-01/firewall.nix b/nixos/hosts/frankfurt-linode-01/firewall.nix
index f4508a53..96ef1827 100644
--- a/nixos/hosts/frankfurt-linode-01/firewall.nix
+++ b/nixos/hosts/frankfurt-linode-01/firewall.nix
@@ -6,7 +6,7 @@
         80    # HTTP
         443   # HTTPS
         42420 # Vintage Story
-        # 25565 # Minecraft
+        25565 # Minecraft
         25    # Mailserver
         143   # Mailserver
         465   # Mailserver
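Review bot: Opening TCP 25565 exposes the frontend that binds `:25565` further down in this file, and that frontend enforces its blocklist with `http-request deny if is-blocked-ip`, which HAProxy only evaluates in HTTP mode. The frontend's `mode` line is not visible in these hunks. If it is `mode tcp`, which a Minecraft listener would need, the deny rule is ignored and blocked addresses still get through; the TCP-mode equivalent is `tcp-request connection reject if is-blocked-ip`. The port list itself starts and ends outside this hunk.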
@@ -17,21 +17,20 @@
       ];
       allowedUDPPorts = [
         10000 # Jitsi Meet (udp)
-        # 15636 # Enshrouded - Game
-        # 15637 # Enshrouded - Query Port
+        15636 # Enshrouded - Game
+        15637 # Enshrouded - Query Port
       ];
     };
 
     nftables = {
       enable = true;
-      # NOTE:  If these need to be re-enabled, move them to the PREROUTING chain below
-      # iifname "enp0s4" udp dport 15636 dnat to 10.100.1.2:15636;
-      # iifname "enp0s4" udp dport 15637 dnat to 10.100.1.2:15637;
       ruleset = ''
           table ip nat {
             chain PREROUTING {
               type nat hook prerouting priority dstnat; policy accept;
               iifname "enp0s4" udp dport 10000 dnat to 10.100.0.2:10000;
+              iifname "enp0s4" udp dport 15636 dnat to 10.100.1.2:15636;
+              iifname "enp0s4" udp dport 15637 dnat to 10.100.1.2:15637;
             }
           }
       '';
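Review bot: The new `15636` and `15637` entries in `allowedUDPPorts` open those ports on this host's own input path, while the two added PREROUTING rules DNAT the same traffic to 10.100.1.2, so it presumably goes through forwarding instead. If nothing on this host listens on those ports, the `allowedUDPPorts` entries can probably be dropped to keep the local firewall as narrow as possible; how forwarded traffic is filtered is not visible here. The DNAT rules accept any source on `enp0s4`, so a rate limit on new flows to the query port 15637 is worth considering. A short comment above the rules would also help, for example `# Enshrouded game/query ports, forwarded to the game host over WireGuard`.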
@@ -43,8 +42,8 @@
       externalInterface = "wireguard0";
       forwardPorts =  [
         { sourcePort = 10000; proto = "udp"; destination = "10.100.0.2:10000"; }
-        # { sourcePort = 15636; proto = "udp"; destination = "10.100.1.2:15636"; }
-        # { sourcePort = 15637; proto = "udp"; destination = "10.100.1.2:15637"; }
+        { sourcePort = 15636; proto = "udp"; destination = "10.100.1.2:15636"; }
+        { sourcePort = 15637; proto = "udp"; destination = "10.100.1.2:15637"; }
       ];
     };
   };
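Review bot: These two `forwardPorts` entries repeat the DNAT rules added to the `nftables.ruleset` PREROUTING chain, but the ruleset matches `iifname "enp0s4"` while this block sets `externalInterface = "wireguard0"`. It is unclear from the hunk which of the two actually carries the public traffic, and keeping both invites drift when a port is later closed in only one place. I would either remove the redundant copy or add a comment such as `# public-side DNAT lives in nftables.ruleset (enp0s4); keep both lists in sync`. The enclosing `nat` block starts outside the hunk.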
@@ -64,7 +63,6 @@
       frontend http
         mode http
         bind :80
-        # bind :::80 v4v6
         # bind :443 ssl crt /Storage/Data/Docker/sysctl.io/letsencrypt/external/*.sysctl.io/combined.pem
         
         acl is-blocked-ip src -f /etc/haproxy-blocked-ips
@@ -84,10 +82,7 @@
         bind :25565 
         bind :4443  
         bind :443  
-        # bind :::25565 v4v6
-        # bind :::4443 v4v6
-        # bind :::443 v4v6
-
+        
         acl is-blocked-ip src -f /etc/haproxy-blocked-ips
         http-request deny if is-blocked-ip
 
@@ -104,7 +99,7 @@
         bind :587
         bind :993
         bind :4190
-       
+        default_backend backend_mail 
       backend backend_mail
         mode tcp 
         server mailserver-wg 10.100.1.3
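Review bot: With `default_backend backend_mail` added, every mail port on this frontend is relayed in TCP mode to `server mailserver-wg 10.100.1.3`, so the mail server sees the proxy's WireGuard address as the client for all connections. That defeats per-source controls on the mail server (rate limits, blocklists, fail2ban), and if the WireGuard range is treated as a trusted network there, port 25 could act as an open relay; the mail server's configuration is not visible here, so this needs checking. Passing the real client address with `server mailserver-wg 10.100.1.3 send-proxy-v2`, with PROXY protocol enabled on the mail listeners, would avoid this. The frontend's opening lines are outside the hunk, and the added line has trailing whitespace.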
@@ -112,7 +107,6 @@
       frontend vintage-story
         mode tcp 
         bind :42420
-        # bind :::42420 v4v6
         default_backend backend_vintage-story 
       backend backend_vintage-story
         mode tcp
@@ -378,3 +372,4 @@
     66.249.79.96/27
   '';
 }
+