From 09cc92e55b709257a20385aebcc78eec47355faf Mon Sep 17 00:00:00 2001
From: Maurice <maurice.golverdingen@infosupport.com>
Date: Wed, 1 Oct 2025 18:03:41 +0200
Subject: [PATCH] Update firewall

---
 services/firewall/rules.nft | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/services/firewall/rules.nft b/services/firewall/rules.nft
index 4df3f03..3aa9234 100644
--- a/services/firewall/rules.nft
+++ b/services/firewall/rules.nft
@@ -82,6 +82,12 @@ table inet firewall {
     ip saddr { $lan_net, $vpn_net } tcp dport 53 accept
     ip6 saddr $lan_net6 tcp dport 53 accept
 
+    # Allow Minecraft server access from LAN and VPN
+    ip saddr { $lan_net, $vpn_net } tcp dport 25565 accept
+    ip saddr { $lan_net, $vpn_net } udp dport 25565 accept
+    ip saddr { $lan_net, $vpn_net } tcp dport 19132 accept
+    ip saddr { $lan_net, $vpn_net } udp dport 19132 accept
+
     # Rules for WAN interface only
     iifname $wan udp dport 51820 accept                   # Allow Wireguard incoming from WAN