From 1668db739001319fcdba58cddf013c1a00e5b7c2 Mon Sep 17 00:00:00 2001
From: Brendan Golden <git_laptop@brendan.ie>
Date: Sat, 28 Jan 2023 15:31:16 +0000
Subject: [PATCH] fix: was using incorrect config for he forwarding

---
 machines/ash.nix      | 2 +-
 machines/galatea.nix  | 6 +++---
 machines/optimus.nix  | 6 +++---
 machines/vendetta.nix | 4 ++--
 machines/vigil.nix    | 4 ++--
 5 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/machines/ash.nix b/machines/ash.nix
index db0923b..5c0b2cb 100644
--- a/machines/ash.nix
+++ b/machines/ash.nix
@@ -35,7 +35,7 @@ in {
   # these two are to be able to add the rules for firewall and dns
   # open the firewall for this
   skynet_firewall.forward = [
-    "ip saddr ${ip_pub} udp dport 51820 counter packets 0 bytes 0 accept"
+    "ip daddr ${ip_pub} udp dport 51820 counter packets 0 bytes 0 accept"
   ];
 
   skynet_dns.records = {
diff --git a/machines/galatea.nix b/machines/galatea.nix
index 5def808..fc7ed21 100644
--- a/machines/galatea.nix
+++ b/machines/galatea.nix
@@ -37,9 +37,9 @@ in {
   # these two are to be able to add the rules for firewall and dns
   # open the firewall for this
   skynet_firewall.forward = [
-    "ip saddr ${ip_pub} tcp dport 80 counter packets 0 bytes 0 accept"
-    "ip saddr ${ip_pub} tcp dport 443 counter packets 0 bytes 0 accept"
-    "ip saddr ${ip_pub} tcp dport 8000 counter packets 0 bytes 0 accept"
+    "ip daddr ${ip_pub} tcp dport 80 counter packets 0 bytes 0 accept"
+    "ip daddr ${ip_pub} tcp dport 443 counter packets 0 bytes 0 accept"
+    "ip daddr ${ip_pub} tcp dport 8000 counter packets 0 bytes 0 accept"
   ];
 
   skynet_dns.records = {
diff --git a/machines/optimus.nix b/machines/optimus.nix
index 7c96bc1..c440269 100644
--- a/machines/optimus.nix
+++ b/machines/optimus.nix
@@ -36,9 +36,9 @@ in {
   # these two are to be able to add the rules for firewall and dns
   # open the firewall for this
   skynet_firewall.forward = [
-    "ip saddr ${ip_pub} tcp dport 80 counter packets 0 bytes 0 accept"
-    "ip saddr ${ip_pub} tcp dport 443 counter packets 0 bytes 0 accept"
-    "ip saddr ${ip_pub} tcp dport 25565 counter packets 0 bytes 0 accept"
+    "ip daddr ${ip_pub} tcp dport 80 counter packets 0 bytes 0 accept"
+    "ip daddr ${ip_pub} tcp dport 443 counter packets 0 bytes 0 accept"
+    "ip daddr ${ip_pub} tcp dport 25565 counter packets 0 bytes 0 accept"
   ];
 
   skynet_dns.records = {
diff --git a/machines/vendetta.nix b/machines/vendetta.nix
index 7d5b5ec..d5bcd64 100644
--- a/machines/vendetta.nix
+++ b/machines/vendetta.nix
@@ -43,8 +43,8 @@ in {
 
   # open the firewall for this
   skynet_firewall.forward = [
-    "ip saddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept"
-    "ip saddr ${ip_pub} udp dport 53 counter packets 0 bytes 0 accept"
+    "ip daddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept"
+    "ip daddr ${ip_pub} udp dport 53 counter packets 0 bytes 0 accept"
   ];
 
   skynet_dns = {
diff --git a/machines/vigil.nix b/machines/vigil.nix
index 2119756..cd76422 100644
--- a/machines/vigil.nix
+++ b/machines/vigil.nix
@@ -42,8 +42,8 @@ in {
 
   # open the firewall for this
   skynet_firewall.forward = [
-    "ip saddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept"
-    "ip saddr ${ip_pub} udp dport 53 counter packets 0 bytes 0 accept"
+    "ip daddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept"
+    "ip daddr ${ip_pub} udp dport 53 counter packets 0 bytes 0 accept"
   ];
 
   skynet_dns = {