From ab7be188fcea2103d765451c996cd12f3a22b760 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Wed, 20 Mar 2024 13:21:14 +0100
Subject: [PATCH] sgx: dcap firewall rules

Signed-off-by: Harald Hoyer
---
 systems/x86_64-linux/sgx-nixos/default.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/systems/x86_64-linux/sgx-nixos/default.nix b/systems/x86_64-linux/sgx-nixos/default.nix
index c7e2046..d08852e 100644
--- a/systems/x86_64-linux/sgx-nixos/default.nix
+++ b/systems/x86_64-linux/sgx-nixos/default.nix
@@ -4,6 +4,12 @@ with lib.metacfg;
 {
 imports = [ ./hardware-configuration.nix ];
 
+ boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1;
+ networking.firewall.extraCommands = ''
+ iptables -t nat -A OUTPUT -o lo -p tcp --dport 8081 -j DNAT --to-destination 192.168.122.1:8081
+ iptables -t nat -A POSTROUTING -j MASQUERADE
+ '';
+
 metacfg = {
 base.enable = true;
 nix-ld.enable = true;
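Review bot: The added `iptables -t nat -A POSTROUTING -j MASQUERADE` has no interface, destination or port match, so it source-NATs every packet leaving the host, not only the redirected port-8081 connections; narrowing it to the DNAT target, e.g. `iptables -t nat -A POSTROUTING -d 192.168.122.1 -p tcp --dport 8081 -j MASQUERADE`, leaves the rest of the host's traffic untouched. `net.ipv4.conf.all.route_localnet = 1` also relaxes the kernel's martian check for 127.0.0.0/8 on every interface, which weakens the usual assumption that services bound to loopback cannot be reached from the network; if only the interface towards 192.168.122.1 needs it, the per-interface key (`net.ipv4.conf.<iface>.route_localnet`, interface name not visible here) would be tighter. Both rules are appended with `-A` and have no matching cleanup in `networking.firewall.extraStopCommands`, so they are likely to accumulate as duplicates each time the firewall unit reloads. A short comment above the block saying which local client expects the service on 127.0.0.1:8081 would help the next reader judge whether the redirect is still needed.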