From 0d8abbc314c8abb2769e331c169391a8e6810f08 Mon Sep 17 00:00:00 2001 From: Daniel Barlow Date: Mon, 18 Mar 2024 20:13:22 +0000 Subject: [PATCH] extneder: delete kernel firewall config we don't need nftables for a bridge
---
 examples/extneder.nix | 35 ----------------------------------- 1 file changed, 35 deletions(-)
diff --git a/examples/extneder.nix b/examples/extneder.nix
index 802791b..7156f70 100644
--- a/examples/extneder.nix
+++ b/examples/extneder.nix
@@ -29,41 +29,6 @@ in rec {
 hostname = "extneder";
- kernel = {
- config = {
-
- NETFILTER_XT_MATCH_CONNTRACK = "y";
-
- IP6_NF_IPTABLES = "y"; # do we still need these
- IP_NF_IPTABLES = "y"; # if using nftables directly
-
- # these are copied from rotuer and need review.
- # we're not running a firewall, so why do we need
- # nftables config?
- IP_NF_NAT = "y";
- IP_NF_TARGET_MASQUERADE = "y";
- NETFILTER = "y";
- NETFILTER_ADVANCED = "y";
- NETFILTER_XTABLES = "y";
-
- NFT_COMPAT = "y";
- NFT_CT = "y";
- NFT_LOG = "y";
- NFT_MASQ = "y";
- NFT_NAT = "y";
- NFT_REJECT = "y";
- NFT_REJECT_INET = "y";
-
- NF_CONNTRACK = "y";
- NF_NAT = "y";
- NF_NAT_MASQUERADE = "y";
- NF_TABLES = "y";
- NF_TABLES_INET = "y";
- NF_TABLES_IPV4 = "y";
- NF_TABLES_IPV6 = "y";
- };
- };
-
 profile.wap = {
 interfaces = with config.hardware.networkInterfaces; [
 lan