From 9f42949d3dcd2483b8ae9509cf483257c56752ad Mon Sep 17 00:00:00 2001
From: wvr <mitch@wvr.sh>
Date: Fri, 20 Feb 2026 00:46:09 -0600
Subject: [PATCH] asdf

---
 caddy/iptables/iptables-caddy.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/caddy/iptables/iptables-caddy.sh b/caddy/iptables/iptables-caddy.sh
index c46a39c..85a42d1 100755
--- a/caddy/iptables/iptables-caddy.sh
+++ b/caddy/iptables/iptables-caddy.sh
@@ -20,8 +20,10 @@ iptables -P FORWARD DROP
 
 # allow any tcp traffic on local lan
 iptables -A OUTPUT -j ACCEPT -d $SUBNET.0/24 -p tcp -m state --state NEW,ESTABLISHED,RELATED
-# only allow input on 443
+# allow input both 443 and 80
+# NOTE: need 80 as well for letsencrypt dont disable idiot
 iptables -A INPUT  -j ACCEPT -d $SUBNET.0/24 -p tcp --dport 443 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A INPUT  -j ACCEPT -d $SUBNET.0/24 -p tcp --dport 80  -m state --state NEW,ESTABLISHED,RELATED
 # ========================================================================
 
 # dns to pihole