From edbde9800623dc6bb2c6e6a3f7485755e80cb5c2 Mon Sep 17 00:00:00 2001
From: JuliusFreudenberger
Date: Wed, 11 Mar 2026 23:13:30 +0100
Subject: [PATCH] Remove firewall rules for wireguard and set rpfilter to loose
---
 modules/network-client.nix | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/modules/network-client.nix b/modules/network-client.nix
index 4efdecd..a72a9f3 100644
--- a/modules/network-client.nix
+++ b/modules/network-client.nix
@@ -13,19 +13,7 @@
 firewall = {
 # if packets are still dropped, they will show up in dmesg
 logReversePathDrops = true;
- # wireguard trips rpfilter up
- extraCommands = ''
- iptables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 1194 -j RETURN
- ip6tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 1194 -j RETURN
- iptables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 1194 -j RETURN
- ip6tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 1194 -j RETURN
- '';
- extraStopCommands = ''
- iptables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 1194 -j RETURN || true
- ip6tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 1194 -j RETURN || true
- iptables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 1194 -j RETURN || true
- ip6tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 1194 -j RETURN || true
- '';
+ checkReversePath = "loose";
 };
 };
 }
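Review bot: The added `checkReversePath = "loose";` has no comment, and it relaxes reverse-path filtering for every interface and protocol, whereas the removed rules only exempted UDP port 1194 from the rpfilter chain. In loose mode a packet is dropped only when its source address is not reachable through any interface, so the host's anti-spoofing check is weaker overall and `logReversePathDrops` will presumably log fewer events. If the wider setting is intended, record the reason next to it, for example `# loose: VPN traffic fails the strict reverse-path check; this weakens spoofing protection on all interfaces`. The `firewall` attribute set opens on the hunk's first context line, but the set that encloses it starts outside the hunk, so whether other settings compensate cannot be seen from here.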