From 67458e15f442d16d645f92b8f3de5f226212696a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 2 Jan 2018 18:24:40 +0100
Subject: [PATCH] iptables: set empty default rules

---
 krebs/3modules/iptables.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index d64ed86de..6298a05a5 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -61,6 +61,15 @@ let
           };
         };
       })));
+      default = {
+        filter.INPUT.policy = "ACCEPT";
+        filter.FORWARD.policy = "ACCEPT";
+        filter.OUTPUT.policy = "ACCEPT";
+        nat.PREROUTING.policy = "ACCEPT";
+        nat.INPUT.policy = "ACCEPT";
+        nat.OUTPUT.policy = "ACCEPT";
+        nat.POSTROUTING.policy = "ACCEPT";
+      };
     };
   };
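Review bot: The added `default` sets `filter.INPUT.policy` and `filter.FORWARD.policy` to `"ACCEPT"`, so a host that enables this module without defining any tables gets a fail-open, accept-all ruleset rather than a restrictive one. If that is the intended lock-out-safe fallback, say so in a comment above `default = {`, for example `# fail-open fallback for hosts that define no tables; set filter.INPUT.policy = "DROP" per host`. Otherwise consider `"DROP"` for `filter.INPUT` and `filter.FORWARD`, leaving the `nat` chains at `"ACCEPT"`. An option default is presumably replaced wholesale rather than merged once a host defines any part of the option, so it is worth confirming that a partial definition (only `filter.INPUT`, say) still yields explicit policies for the other chains. The option declaration begins outside the hunk, so its type and description are not visible here.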