feat: autoload iptables rules

README.md

@@ -21,8 +21,8 @@ If you want to install a gui
 $EDITOR ./gui/config
 ./gui/install.sh
 
-$EDITOR ./gui/config
-./gui/install.sh
+$EDITOR ./gui/$GUI/config
+./gui/$GUI/install.sh
 ```
 
 For the dotfiles, run the script as the newly created user:

install.sh

@@ -30,11 +30,13 @@ sed -i '/^HOOKS=(/s/filesystems/encrypt filesystems/' /etc/mkinitcpio.conf
 
 # Packages
 $PACMAN "${pkg[@]}" "$cpu-ucode"
-systemctl enable      \
-    NetworkManager    \
-    podman.socket     \
-    reflector.timer   \
-    systemd-resolved  \
+systemctl enable     \
+    NetworkManager   \
+    ip6tables        \
+    iptables         \
+    podman.socket    \
+    reflector.timer  \
+    systemd-resolved \
     systemd-timesyncd
 
 if ls -d /sys/class/power_supply/BAT*/ > /dev/null 2>&1; then

rootfs/etc/iptables/ip6tables.rules

@@ -0,0 +1,6 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+COMMIT