From 9dd1ba8b3aea39b88ebb143c9cfdc200a2955172 Mon Sep 17 00:00:00 2001
From: ashisgreat22
Date: Fri, 6 Mar 2026 23:14:43 +0100
Subject: [PATCH] fix: add Podman subnet rule for internet access
---
 modules/nixos/cloudflare-firewall.nix | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/modules/nixos/cloudflare-firewall.nix b/modules/nixos/cloudflare-firewall.nix
index 3e6760d..c8d8eaa 100644
--- a/modules/nixos/cloudflare-firewall.nix
+++ b/modules/nixos/cloudflare-firewall.nix
@@ -127,6 +127,8 @@ in
 ip saddr 10.89.0.0/16 accept
 # Allow RFC1918 Private Networks (LAN, Containers, Link-Local)
+ # 10.89.0.0/16 covers all typical podman subnets including 10.89.2.0/24
+ ip saddr 10.89.0.0/16 accept
 ${lib.optionalString cfg.allowLocalTraffic ''
 ip saddr 10.0.0.0/8 accept
 ip saddr 172.16.0.0/12 accept
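Review bot: The added `ip saddr 10.89.0.0/16 accept` repeats the identical rule already visible as the first context line of this hunk, so it appears to match nothing new and is unlikely to be what restores container internet access. It also sits above the `${lib.optionalString cfg.allowLocalTraffic ''` block, so the whole /16 is accepted on every port whether or not `allowLocalTraffic` is set, and the new comment separates the "Allow RFC1918 Private Networks" header from the block it describes. I would drop the two added lines, or, if the earlier rule is meant to be replaced, keep exactly one and scope it to the container bridge, e.g. `iifname "<podman-bridge-interface>" ip saddr 10.89.0.0/16 accept`. The chain these rules belong to starts outside the hunk; if it is an input chain, outbound container traffic is more likely governed by the forward chain and NAT, which is where the fix should be verified.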