From a38c39424f29bbdfe1493061da05326f9d05d4a0 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 2 Jan 2023 18:48:12 +0100
Subject: l sync-containers3: allow ctr0 in FORWARD

---
 lass/3modules/sync-containers3.nix | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'lass')

diff --git a/lass/3modules/sync-containers3.nix b/lass/3modules/sync-containers3.nix
index 05317556..02ba0a5f 100644
--- a/lass/3modules/sync-containers3.nix
+++ b/lass/3modules/sync-containers3.nix
@@ -296,6 +296,10 @@ in {
       krebs.iptables.tables.filter.INPUT.rules = [
         { predicate = "-i ctr0"; target = "ACCEPT"; }
       ];
+      krebs.iptables.tables.filter.FORWARD.rules = [
+        { predicate = "-i ctr0"; target = "ACCEPT"; }
+        { predicate = "-o ctr0"; target = "ACCEPT"; }
+      ];
     })
     (lib.mkIf cfg.inContainer.enable {
       users.groups.container_sync = {};
-- 
cgit v1.2.3