Fix nftables parser to use input_wan chain

Change nftables port parser to specifically look for 'chain input_wan'
instead of any chain with 'input' in the name. This ensures we only
collect WAN/external ports, not LAN or other internal chains.

- Look for 'chain input_wan' specifically
- Remove internal network filters (no longer needed)
- Update version to v0.1.249

Cargo.lock

@@ -279,7 +279,7 @@ checksum = "a1d728cc89cf3aee9ff92b05e62b19ee65a02b5702cff7d5a377e32c6ae29d8d"
 
 [[package]]
 name = "cm-dashboard"
-version = "0.1.247"
+version = "0.1.248"
 dependencies = [
  "anyhow",
  "chrono",
@@ -301,7 +301,7 @@ dependencies = [
 
 [[package]]
 name = "cm-dashboard-agent"
-version = "0.1.247"
+version = "0.1.248"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -325,7 +325,7 @@ dependencies = [
 
 [[package]]
 name = "cm-dashboard-shared"
-version = "0.1.247"
+version = "0.1.248"
 dependencies = [
  "chrono",
  "serde",

agent/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cm-dashboard-agent"
-version = "0.1.248"
+version = "0.1.249"
 edition = "2021"
 
 [dependencies]

agent/src/collectors/systemd.rs

@@ -933,26 +933,26 @@ impl SystemdCollector {
 
         // Parse nftables output for WAN incoming accept rules with dport
         // Looking for patterns like: tcp dport 22 accept or tcp dport { 22, 80, 443 } accept
-        // Only include rules in input chain without private network source restrictions
+        // Only include rules in input_wan chain
-        let mut in_input_chain = false;
+        let mut in_wan_chain = false;
 
         for line in output_str.lines() {
             let line = line.trim();
 
-            // Track if we're in the input chain
+            // Track if we're in the input_wan chain
-            if line.contains("chain input") || line.contains("chain INPUT") {
+            if line.contains("chain input_wan") {
-                in_input_chain = true;
+                in_wan_chain = true;
                 continue;
             }
 
             // Reset when entering other chains
-            if line.starts_with("chain ") && !line.contains("input") && !line.contains("INPUT") {
+            if line.starts_with("chain ") && !line.contains("input_wan") {
-                in_input_chain = false;
+                in_wan_chain = false;
                 continue;
             }
 
-            // Only process rules in input chain
+            // Only process rules in input_wan chain
-            if !in_input_chain {
+            if !in_wan_chain {
                 continue;
             }
 
@@ -961,14 +961,6 @@ impl SystemdCollector {
                 continue;
             }
 
-            // Skip internal network traffic (LAN/private networks)
-            if line.contains("ip saddr 192.168.") ||
-               line.contains("ip saddr 10.") ||
-               line.contains("ip saddr 172.16.") ||
-               line.contains("iifname \"lo\"") {
-                continue;
-            }
-
             // Parse TCP ports
             if line.contains("tcp dport") {
                 for port in self.extract_ports_from_nft_rule(line) {

dashboard/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cm-dashboard"
-version = "0.1.248"
+version = "0.1.249"
 edition = "2021"
 
 [dependencies]

shared/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cm-dashboard-shared"
-version = "0.1.248"
+version = "0.1.249"
 edition = "2021"
 
 [dependencies]