From ab9fff95a139355757e4bdc584ad00157991bd2b Mon Sep 17 00:00:00 2001
From: s0me1newithhand7s
Date: Fri, 29 May 2026 00:14:49 +0300
Subject: [PATCH] chore(ada): firewalld hardening

Signed-off-by: s0me1newithhand7s
---
 ada/services/firewalld.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/ada/services/firewalld.nix b/ada/services/firewalld.nix
index 0602c8d..3340688 100644
--- a/ada/services/firewalld.nix
+++ b/ada/services/firewalld.nix
@@ -3,8 +3,21 @@ _: {
 firewalld = {
 enable = true;
+ settings = {
+ IPv6_rpfilter = "strict";
+ CleanupModulesOnExit = true;
+ StrictForwardPorts = true;
+ logDenied = "off";
+ FlushAllOnReload = "yes";
+ ReloadPolicy = "DROP";
+ RFC3964_IPv4 = "yes";
+ NftablesCounters = "no";
+ NftablesTableOwner = "yes";
+ IndividualCalls = "no";
+ };
+
 zones = {
- "eno1" = {
+ "wan" = {
 interfaces = [
 "ens1"
 ];
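Review bot: In the added `settings` block, `logDenied = "off";` is the only key with a lower-case initial, while firewalld.conf spells it `LogDenied`; if the module writes keys through unchanged, the entry may not be applied as written, so it is worth checking against the generated firewalld.conf. For a hardening change, leaving denied-packet logging off together with `NftablesCounters = "no";` means dropped traffic leaves neither a log record nor a counter for detection or incident review; consider `LogDenied = "unicast";` unless the volume is a known problem. The block also mixes Nix booleans (`CleanupModulesOnExit = true;`) with `"yes"`/`"no"` strings for the same kind of switch; picking one form, presumably whichever the module's option types expect, would make the intent easier to audit. The enclosing `firewalld` attribute set begins and ends outside this hunk.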