From f008a8562f0ec92d631a2d639e114e77eecea61e Mon Sep 17 00:00:00 2001
From: Dmitry Voronin <hi@voronind.com>
Date: Sun, 8 Dec 2024 22:42:42 +0300
Subject: [PATCH] Home: Fix masq.

---
 host/x86_64-linux/home/Network.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/host/x86_64-linux/home/Network.nix b/host/x86_64-linux/home/Network.nix
index 0f9ed635..b02eb14c 100644
--- a/host/x86_64-linux/home/Network.nix
+++ b/host/x86_64-linux/home/Network.nix
@@ -153,11 +153,12 @@ in {
 		firewall = {
 			enable = true;
 			extraCommands = util.trimTabs ''
-				# Wan access for 10.0.0.0/8 subnet.
-				iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -d 0/0 -o ${wan} -j MASQUERADE
+				# Wan access for 10.0.0.0/24 subnet.
+				iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 0/0 -o ${wan} -j MASQUERADE
 
 				# Full access from Lan.
-				ip46tables -I INPUT -j ACCEPT -i ${lan}
+				iptables  -I INPUT -j ACCEPT -i ${lan} -d ${internal}
+				ip6tables -I INPUT -j ACCEPT -i ${lan} -d ${internal6}
 
 				# Public email server.
 				ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 25