From 9fc3927c86640f6d77c1c5db983c1093509af439 Mon Sep 17 00:00:00 2001
From: Jermeiah S
Date: Tue, 1 Jul 2025 17:32:55 -0400
Subject: [PATCH] firewall improved to use module tables feature

---
 modules/nixos/common/firewall.nix | 48 +++++++++++++++++--------------
 1 file changed, 26 insertions(+), 22 deletions(-)

diff --git a/modules/nixos/common/firewall.nix b/modules/nixos/common/firewall.nix
index 6c93641..25573ae 100644
--- a/modules/nixos/common/firewall.nix
+++ b/modules/nixos/common/firewall.nix
@@ -1,33 +1,37 @@
 {
- lib,
- pkgs,
- config,
+ # lib,
+ # pkgs,
+ # config,
 ...
 }: {
 networking.nftables = {
 enable = true;
- ruleset = ''
- table inet filter {
- chain input {
- type filter hook input priority filter; policy accept;
- ct state related,established accept
+ tables = {
+ yggSsh = {
+ name = "yggSsh";
+ family = "inet";
+ content = ''
+ chain input {
+ type filter hook input priority filter; policy accept;
+ ct state related,established accept
- # Restrict ygg0: only allow SSH in
- iifname "ygg0" tcp dport 22 accept
- iifname "ygg0" drop
- }
+ # Restrict ygg0: only allow SSH in
+ iifname "ygg0" tcp dport 22 accept
+ iifname "ygg0" drop
+ }
- chain forward {
- type filter hook forward priority filter; policy accept;
- # Optional: drop forwarding via ygg0
- iifname "ygg0" drop
- }
+ chain forward {
+ type filter hook forward priority filter; policy accept;
+ # Optional: drop forwarding via ygg0
+ iifname "ygg0" drop
+ }
- chain output {
- type filter hook output priority filter; policy accept;
- }
- }
- '';
+ chain output {
+ type filter hook output priority filter; policy accept;
+ }
+ '';
+ };
+ };
 };
 }
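Review bot: The `iifname "ygg0" tcp dport 22 accept` verdict in the new `yggSsh` input chain only terminates evaluation of that chain, so its security meaning depends on what else hooks input on this host, which the file does not state: if the NixOS firewall (`networking.firewall`, on by default) is enabled, its own `nixos-fw` input chain is evaluated independently and must also allow 22 on ygg0 (e.g. `networking.firewall.interfaces.ygg0.allowedTCPPorts = [ 22 ];`) or SSH over ygg0 is still dropped, while if it is disabled, this chain's `policy accept` leaves every interface other than ygg0 fully open. A comment above `content = ''` recording which of the two is assumed, such as `# Assumes networking.firewall is enabled; this table only adds the ygg0 restriction on top of nixos-fw`, would make the intent checkable. Since the chain accepts `related,established` before the interface rule, consider also dropping conntrack-invalid packets with `ct state invalid drop` placed before that line. The `name = "yggSsh";` attribute duplicates the attribute-set key and can be omitted, and the commented-out `lib`/`pkgs`/`config` parameters would be clearer deleted than left as comments.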