fix mesh filtering

shared/commons/nftables.nix

@@ -1,13 +1,16 @@
-{ lib, ... }:
+{ config, lib, ... }:
 
 let
     # Import nodes
     nodes = import ./../../nodes.nix;
-    myPeer = nodes."${config.hostName}";
+    myName = config.hostName;
+
+    # Import mapping
+    mapping = import ./../../mapping.nix;
 
     meshUdpRange = "51000-${toString (51000 + builtins.head (
         builtins.sort (a: b: a > b) (
-    l   ib.mapAttrsToList (name: node: node.id) nodes)))}";
+        lib.mapAttrsToList (name: node: node.id) nodes)))}";
 in
 {
     networking = {
@@ -49,7 +52,7 @@ in
                             # Mesh
                             udp dport ${meshUdpRange} accept
 
-                            ${if lib.elem myPeer mapping.bastion then ''
+                            ${if lib.elem myName mapping.bastion then ''
                                 # Mgmt
                                 udp dport 51920 accept
                             '' else ""}
@@ -65,7 +68,12 @@ in
                             ct state related,established accept
                             ct state invalid counter drop
 
-                            iifname mgmt oifname mesh accept
+                            ${if lib.elem myName mapping.bastion then ''
+                                iifname mgmt oifname mesh* accept
+                            '' else ""}
+
+                            # Allow mesh bounces
+                            iifname mesh* oifname mesh* accept
                         }
                         chain output {
                             type filter hook output priority 0; policy accept;