From 8a1724fe43501a6ff608e116d1ae0c4c71063a7d Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Thu, 21 Sep 2023 12:59:12 +0200
Subject: [PATCH] shinobu/router: Clean up nftables rules
---
 machines/shinobu/services/router.nix | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/machines/shinobu/services/router.nix b/machines/shinobu/services/router.nix
index 8da8d35..784563c 100644
--- a/machines/shinobu/services/router.nix
+++ b/machines/shinobu/services/router.nix
@@ -73,6 +73,7 @@ in
 iifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu
 oifname wg-upstream tcp flags syn / syn,rst tcp option maxseg size set rt mtu
+ # allow traffic between lan and wan
 iifname $NAT_LAN_IFACES oifname $NAT_WAN_IFACES counter accept
 iifname $NAT_WAN_IFACES oifname $NAT_LAN_IFACES ct state established,related counter accept
@@ -90,10 +91,6 @@ in
 }
 table inet nat {
- chain prerouting {
- type nat hook prerouting priority filter; policy accept
- }
-
 chain postrouting {
 type nat hook postrouting priority filter; policy accept
 oifname $MASQUERADE_IFACES masquerade
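Review bot: The comment added in the first hunk (`# allow traffic between lan and wan`) reads as if forwarding is open in both directions, but the two rules under it are asymmetric: LAN-to-WAN is accepted unconditionally, while WAN-to-LAN is accepted only for `ct state established,related`. That asymmetry is what keeps unsolicited inbound connections out of the LAN, so the comment should state it, for example `# allow lan -> wan; wan -> lan only for established/related (no new inbound connections)`. The enclosing chain starts and ends outside the hunk, so its policy and any other accept rules are not visible here and are worth checking against the same wording.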