From e15891b7018c710423672d7e4fbace2b49ae9762 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zolt=C3=A1n=20Felleg?=
Date: Wed, 29 Oct 2025 09:08:51 +0100
Subject: [PATCH] Updated efg.pm (added mx.pm rules).
---
 sources/efg.pm/c3d/firstboot/data/nftables.config | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/sources/efg.pm/c3d/firstboot/data/nftables.config b/sources/efg.pm/c3d/firstboot/data/nftables.config
index cfb64af..31fa22b 100644
--- a/sources/efg.pm/c3d/firstboot/data/nftables.config
+++ b/sources/efg.pm/c3d/firstboot/data/nftables.config
@@ -263,6 +263,17 @@ add rule ip efg-filter forward \
  oifname $EXTERNAL_IF tcp dport 1024-65535 \
  counter accept comment "Outgoing MX replies"
 
+add rule ip efg-filter forward \
+ iifname $PERIMETER_IF ip saddr $MX_PERIMETER_IPV4 tcp sport 1024-65535 \
+ oifname $EXTERNAL_IF tcp dport $MX_PORTS \
+ counter accept comment "Outgoing MX requests"
+
+add rule ip efg-filter forward \
+ ct state established \
+ iifname $EXTERNAL_IF tcp sport $MX_PORTS \
+ oifname $PERIMETER_IF ip daddr $MX_PERIMETER_IPV4 tcp dport 1024-65535 \
+ counter accept comment "Incoming MX replies"
+
 add rule ip efg-filter forward \
  iifname $EXTERNAL_IF \
  oifname $PERIMETER_IF ip daddr $NETLOCK_INTERNAL_IPV4 tcp dport ssh \
-- 
2.54.0
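Review bot: The new "Outgoing MX requests" rule has no conntrack match, so it accepts any TCP segment from $MX_PERIMETER_IPV4 to $MX_PORTS whatever its connection state, while its counterpart "Incoming MX replies" is limited to `ct state established`. Unless an earlier rule in the forward chain already drops invalid-state packets (not visible in this hunk), I would add `ct state new,established \` as the first match line of the outgoing rule so the two directions stay symmetric. The definition of $MX_PORTS is also outside the hunk: if it lists more than the port needed for server-to-server delivery (for example, submission ports used for the inbound side), reusing it here opens more outbound destinations than the mail host needs, and a separate outbound port set would be tighter. A short comment above the pair stating that the MX host is now allowed to initiate outbound mail connections would help the next reader tell these rules apart from the existing inbound MX rules.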