From ece655263e14df3ad5f8721c6a4e9b3bf3a872c9 Mon Sep 17 00:00:00 2001
From: Maurice
Date: Tue, 30 Sep 2025 20:38:03 +0200
Subject: [PATCH] Fix rootfull podman containers

---
 services/firewall/rules.nft | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/services/firewall/rules.nft b/services/firewall/rules.nft
index a411d70..2fe3583 100644
--- a/services/firewall/rules.nft
+++ b/services/firewall/rules.nft
@@ -53,7 +53,7 @@ table inet firewall {
 type filter hook input priority 0; policy drop;
 ct state invalid drop # early drop of invalid packets
- ct state { established, related } accept # allow established/related connections
+ ct state { established, related } accept # allow established/related connections
 iif lo accept # allow traffic from loopback interface
@@ -97,6 +97,9 @@ table inet firewall {
 iifname $vpn ip daddr $lan_net drop # Block all other VPN clients from accessing the LAN network
 iifname $vpn oifname $wan accept # Allow VPN traffic to access WAN
+
+ iifname "podman*" accept # allow traffic from podman interfaces (podman0, podman1, ...)
+ oifname "podman*" accept # allow traffic to podman interfaces (podman0, podman1, ...)
 }
 chain outgoing {
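Review bot: The two wildcard rules added at the end of the second hunk accept forwarded traffic in both directions for any interface named `podman*`, which is broader than the fix needs: `oifname "podman*" accept` admits traffic to the container networks from every ingress interface, including `$vpn` and `$wan`, and it sits after the `iifname $vpn ip daddr $lan_net drop` rule, which only covers `$lan_net` and not the container subnets. If the intent is just to let rootful containers reach the outside, `iifname "podman*" oifname $wan accept` plus a reply rule gated on conntrack, `oifname "podman*" ct state established,related accept`, keeps the chain's default-drop posture for unsolicited inbound traffic; if this chain already has an established/related accept near its top (not visible in the hunk), the second line is redundant and only the first is needed. The `iifname ... oifname` pairs above suggest this is the forward chain, but its opening line and policy lie outside the hunk, so the exact exposure depends on what precedes these rules. As a minor style point, the two new comments are lowercase while the neighbouring ones in this chain start with a capital letter.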