From ba76953090b2af5bbcb4ac5a91565f07e5b549c4 Mon Sep 17 00:00:00 2001
From: godog <godog@autistici.org>
Date: Fri, 19 Jul 2019 23:38:44 +0200
Subject: [PATCH] net-overlay: allow vpn traffic to containers ports

---
 roles/net-overlay/templates/firewall/11net-overlay.j2 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/roles/net-overlay/templates/firewall/11net-overlay.j2 b/roles/net-overlay/templates/firewall/11net-overlay.j2
index 7e86d4f1..9bc7d341 100644
--- a/roles/net-overlay/templates/firewall/11net-overlay.j2
+++ b/roles/net-overlay/templates/firewall/11net-overlay.j2
@@ -26,6 +26,11 @@ add_rule4 -A base-input -i {{ tinc_net }} -j vpn-{{ tinc_net }}-input
 {% for port in services[s].get('ports', []) %}
 add_rule -A vpn-{{ tinc_net }}-input -p tcp --dport {{ port }} -j ACCEPT
 {% endfor %}
+{% for container in services[s].get('containers', []) %}
+{% if 'port' in container %}
+add_rule -A vpn-{{ tinc_net }}-input -p tcp --dport {{ container.port }} -j ACCEPT
+{% endif %}
+{% endfor %}
 {% for ep in services[s].get('public_endpoints', []) %}
 add_rule -A vpn-{{ tinc_net }}-input -p tcp --dport {{ ep.port }} -j ACCEPT
 {% endfor %}
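Review bot: The added loop over `services[s].get('containers', [])` accepts TCP on every container that declares a `port`, from any peer arriving on the overlay interface, with no source restriction and no per-container opt-in. If any of those ports was previously expected to be reachable only from the local host (for example behind a proxy on the same machine), it becomes reachable from the whole VPN, so the service has to authenticate on its own; that is worth confirming against the service definitions, which are not visible here. I would record the intent above the loop with a template comment such as `{# container ports are opened to every peer on the overlay; these services must not rely on the firewall for access control #}`. The rule also covers only a scalar `port` key and only TCP, so a container that exposes several ports or UDP would be skipped without any signal. The enclosing loop over `s` starts outside the hunk.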
-- 
GitLab