From 6c3bbbf72b067de6a0cfb42a62cb2016bdc3cac8 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 7 Apr 2026 12:47:03 +0000
Subject: [PATCH] Fix Hub false closed port detection: is_listening alone is
 sufficient; add nftables package

Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/b57cc894-c639-400e-93f0-c1dc5d48870b

Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com>
---
 app/sovran_systemsos_web/server.py | 5 ++++-
 configuration.nix                  | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/app/sovran_systemsos_web/server.py b/app/sovran_systemsos_web/server.py
index 67c71ff..0721387 100644
--- a/app/sovran_systemsos_web/server.py
+++ b/app/sovran_systemsos_web/server.py
@@ -685,7 +685,10 @@ def _check_port_status(
         for pt in ports_set
     )
 
-    if is_listening and is_allowed:
+    # A process bound to the port is the authoritative signal; firewall
+    # detection (nft/iptables) is only used as a secondary hint when nothing
+    # is listening yet.
+    if is_listening:
         return "listening"
     if is_allowed:
         return "firewall_open"
diff --git a/configuration.nix b/configuration.nix
index bea699b..ea87f26 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -97,6 +97,7 @@
   nixpkgs.config.permittedInsecurePackages = [ "jitsi-meet-1.0.8043" ];
 
   environment.systemPackages = with pkgs; [
+    nftables
     git wget fish htop btop
     gnomeExtensions.transparent-top-bar-adjustable-transparency
     gnomeExtensions.dash-to-dock