From aa5e020a300a2ec0185b629a97f979febb8252fa Mon Sep 17 00:00:00 2001
From: "Chris (wolcen) Thompson" <chris@agaric.coop>
Date: Sun, 8 Jun 2025 12:16:54 -0400
Subject: [PATCH] Update firewall rules for Ollama server

---
 hosts/default/configuration.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix
index 5633617..10e4288 100644
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@@ -201,8 +201,8 @@
     checkReversePath = "loose";
     extraCommands = ''
       # Enable connections to Ollama for VPN users:
+      iptables -t filter -I INPUT --protocol TCP --source 10.40.4.0/24 --destination 10.40.4.2 --dport 8080 -j ACCEPT
       iptables -t filter -I INPUT --protocol TCP --source 10.40.4.2/32 --destination 10.40.4.2 --dport 11434 -j ACCEPT
-      iptables -t filter -I INPUT --protocol TCP --source 10.0.7.0/24 --destination 10.40.4.2 --dport 11434 -j ACCEPT
     '';
     # wireguard trips rpfilter up
     #extraCommands = ''