From 94dfe5a86857fdd0ae410f05ed56633636e50c7c Mon Sep 17 00:00:00 2001
From: Sonny Bakker <sonny871@hotmail.com>
Date: Tue, 30 Dec 2025 20:27:03 +0100
Subject: [PATCH] Add firewall comments

---
 templates/nftables.j2 | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/templates/nftables.j2 b/templates/nftables.j2
index 98f079c..961a489 100644
--- a/templates/nftables.j2
+++ b/templates/nftables.j2
@@ -78,15 +78,15 @@ table ip filter {
 
   # docker's user configurable forward hook chain
   chain DOCKER-USER {
-    iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ transmission_nginx_ip }} accept
-    iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept
-    iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ radicale_nginx_ip }} accept
-    iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ mpd_app_ip }} accept
+    iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ transmission_nginx_ip }} accept comment "Transmission NGINX"
+    iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept comment "Syncthing NGINX"
+    iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ radicale_nginx_ip }} accept comment "Radicale NGINX"
+    iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ mpd_app_ip }} accept comment "MPD app"
 
-    iifname {{ vpn_media_interface }} ip saddr {{ vpn_media_subnet }} ip daddr {{ jellyfin_nginx_ip }} accept
+    iifname {{ vpn_media_interface }} ip saddr {{ vpn_media_subnet }} ip daddr {{ jellyfin_nginx_ip }} accept comment "Jellyfin NGINX"
   }
 
   chain output {
-    type filter hook output priority filter;
+    type filter hook output priority filter; policy accept;
   }
 }