feat: autoload iptables rules

README.md

@@ -21,8 +21,8 @@ If you want to install a gui
 $EDITOR ./gui/config
 ./gui/install.sh
 
-$EDITOR ./gui/config
-./gui/install.sh
+$EDITOR ./gui/$GUI/config
+./gui/$GUI/install.sh
 ```
 
 For the dotfiles, run the script as the newly created user:

install.sh

@@ -32,6 +32,8 @@ sed -i '/^HOOKS=(/s/filesystems/encrypt filesystems/' /etc/mkinitcpio.conf
 $PACMAN "${pkg[@]}" "$cpu-ucode"
 systemctl enable     \
     NetworkManager   \
+    ip6tables        \
+    iptables         \
     podman.socket    \
     reflector.timer  \
     systemd-resolved \

rootfs/etc/iptables/ip6tables.rules

@@ -0,0 +1,6 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+COMMIT