From c9126cdbad7cfee5332a981fa1d4cb21b8fb910f Mon Sep 17 00:00:00 2001
From: Aditya
Date: Sat, 16 Mar 2024 00:21:50 +0530
Subject: [PATCH] update incus container internet connectivity

---
 content/post/install-incus-on-nixos.md | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/content/post/install-incus-on-nixos.md b/content/post/install-incus-on-nixos.md
index 4c0a608..8a0aca4 100644
--- a/content/post/install-incus-on-nixos.md
+++ b/content/post/install-incus-on-nixos.md
@@ -1,7 +1,7 @@
 ---
 title: "Install Incus on Nixos"
 date: 2024-02-29T19:14:10+05:30
-lastmod: 2024-02-29T19:14:10+05:30
+lastmod: 2024-03-16T00:21:10+05:30
 draft: false;
 keywords: [incus, nixos]
 description: ""
@@ -73,7 +73,7 @@ networking.bridges = {
 incusbr0.interfaces = [];
 };
 ```
 This is used to provide NAT'd internet to the guest. It is manipulated directly by incus, so no need to specify any bridged interfaces here.
-Add firewall rules to enable networking in the container
+Add firewall rules to enable networking in the container
 ```nix
 networking.firewall.extraCommands = ''
 iptables -A INPUT incusbr0 -j ACCEPT
@@ -82,8 +82,16 @@ networking.firewall.extraCommands = ''
 iptables -A OUTPUT -o incusbr0 -j ACCEPT
 '';
 ```
+
+Incus on NixOS dropped `iptables` support and recommends using `nftables`. Enable `nftables` and add `incusbr0` to trusted interfaces.
+
+```nix
+networking.nftables.enable = true;
+networking.firewall.trustedInterfaces = [ "incusbr0" ];
+```
 Enable lxcfs to use it
+
 ```nix
 virtualisation.lxc.lxcfs.enable = true;
 ```