From 59baf65291dab788cb6a93c4ae70b28cc35d5f56 Mon Sep 17 00:00:00 2001
From: Xiao Pan
Date: Sun, 4 Jan 2026 08:20:46 +0000
Subject: allow xyzmi access dns port
---
 etc/nftables.conf | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/etc/nftables.conf b/etc/nftables.conf
index 87596f55..61a98488 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -40,6 +40,10 @@ table inet my_table {
 tcp dport swgp-ba-forward-ca accept
 udp dport swgp-ba-forward-ca accept
 tcp dport monerod-p2p accept
+ iifname $wg_iface ip saddr 10.0.0.12 tcp dport domain accept comment "allow from wireguard mi ip to dns port"
+ iifname $wg_iface ip6 saddr fdc9:281f:04d7:9ee9::c tcp dport domain accept comment "allow from wireguard mi ip to dns port"
+ iifname $wg_iface ip saddr 10.0.0.12 udp dport domain accept comment "allow from wireguard mi ip to dns port"
+ iifname $wg_iface ip6 saddr fdc9:281f:04d7:9ee9::c udp dport domain accept comment "allow from wireguard mi ip to dns port"
 pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
 counter comment "count any other traffic"
--
cgit v1.2.3-70-g09d2
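Review bot: The four added accepts trust `ip saddr 10.0.0.12` and `ip6 saddr fdc9:281f:04d7:9ee9::c` on `$wg_iface`, and that source match identifies the mi peer only while that peer's WireGuard AllowedIPs is limited to exactly those two addresses and no other peer is allowed them. The WireGuard configuration is not part of this diff, so the assumption should be confirmed and recorded above the rules, e.g. `# source match relies on the mi peer's AllowedIPs being 10.0.0.12/32 and fdc9:281f:04d7:9ee9::c/128`. As a style point, the tcp/udp pairs can be folded into one rule per address family on nftables versions that support `th`, `iifname $wg_iface ip saddr 10.0.0.12 meta l4proto { tcp, udp } th dport 53 accept comment "allow from wireguard mi ip to dns port"` (likewise for `ip6 saddr`), so the two protocols cannot drift apart in later edits. The enclosing chain starts and ends outside the hunk, so its hook and policy cannot be checked from here; the hunk does show the new rules sitting before the rate-limited reject.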