From 04a5e8b45523c034b1f01a11e7efd7f9d895371f Mon Sep 17 00:00:00 2001
From: Raphael Dannecker <raphael.dannecker@steinbeisschule-reutlingen.de>
Date: Wed, 17 Dec 2025 18:50:16 +0100
Subject: [PATCH 1/2] Enable ARP support in nftable for outbound restriction in
 exam_mode

---
 roles/lmn_exam/templates/no-way-out-nftable.j2 | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/roles/lmn_exam/templates/no-way-out-nftable.j2 b/roles/lmn_exam/templates/no-way-out-nftable.j2
index 2c6efb8..93305a9 100644
--- a/roles/lmn_exam/templates/no-way-out-nftable.j2
+++ b/roles/lmn_exam/templates/no-way-out-nftable.j2
@@ -13,15 +13,17 @@ ${filterchain}
     chain filterin_${interface} {
         type filter hook ingress device ${interface} priority filter; policy drop;
         ip saddr \$allowed_ipv4 accept
-        ip saddr ${gateway} accept;
-        ip saddr 255.255.255.255 accept;
+        ip saddr ${gateway} accept
+        ip saddr 255.255.255.255 accept
+        ether type arp accept
     }
 
     chain filterout_${interface} {
         type filter hook egress device ${interface} priority filter; policy drop;
         ip daddr \$allowed_ipv4 accept
-        ip daddr ${gateway} accept;
-        ip daddr 255.255.255.255 accept;
+        ip daddr ${gateway} accept
+        ip daddr 255.255.255.255 accept
+        ether type arp accept
     }
 EOF
 )

From cdfc7c2d9c7338afc46302254d012bd5b6208f18 Mon Sep 17 00:00:00 2001
From: Raphael Dannecker <raphael.dannecker@steinbeisschule-reutlingen.de>
Date: Wed, 17 Dec 2025 19:41:38 +0100
Subject: [PATCH 2/2] Set the environment variable for the path to KiCad's 3D
 models (NFS)

---
 roles/custom/fvs/tasks/main.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/roles/custom/fvs/tasks/main.yml b/roles/custom/fvs/tasks/main.yml
index db9e129..a6a38ef 100644
--- a/roles/custom/fvs/tasks/main.yml
+++ b/roles/custom/fvs/tasks/main.yml
@@ -251,5 +251,12 @@
       KERNEL=="mmcblk[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", GROUP="domain users"
       KERNEL=="mmcblk[0-9]p[0-9]*", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", GROUP="domain users"
 
+- name: Set KiCad 3Dmodel path
+  ansible.builtin.lineinfile:
+    path: /etc/environment.d/90lmn-kicad.conf
+    create: true
+    mode: '0644'
+    line: KICAD9_3DMODEL_DIR=/lmn/tools/KiCad/kicad-packages3D
+
 - name: Include sync
   ansible.builtin.include_tasks: sync.yml