summaryrefslogtreecommitdiffstats
path: root/lass/3modules/sync-containers3.nix
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2023-01-02 18:48:12 +0100
committerlassulus <lassulus@lassul.us>2023-01-02 18:48:12 +0100
commita38c39424f29bbdfe1493061da05326f9d05d4a0 (patch)
tree02eff327716835e4ac13c32cbcda698647f859a5 /lass/3modules/sync-containers3.nix
parent7bbcac3e5ee3ad65762e54d85a1786d077cca699 (diff)
l sync-containers3: allow ctr0 in FORWARD
Diffstat (limited to 'lass/3modules/sync-containers3.nix')
-rw-r--r--lass/3modules/sync-containers3.nix4
1 files changed, 4 insertions, 0 deletions
diff --git a/lass/3modules/sync-containers3.nix b/lass/3modules/sync-containers3.nix
index 053175565..02ba0a5ff 100644
--- a/lass/3modules/sync-containers3.nix
+++ b/lass/3modules/sync-containers3.nix
@@ -296,6 +296,10 @@ in {
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i ctr0"; target = "ACCEPT"; }
];
+ krebs.iptables.tables.filter.FORWARD.rules = [
+ { predicate = "-i ctr0"; target = "ACCEPT"; }
+ { predicate = "-o ctr0"; target = "ACCEPT"; }
+ ];
})
(lib.mkIf cfg.inContainer.enable {
users.groups.container_sync = {};