l sync-containers3: allow ctr0 in FORWARD

This commit is contained in:
lassulus 2023-01-02 18:48:12 +01:00
parent 7bbcac3e5e
commit a38c39424f

View File

@ -296,6 +296,10 @@ in {
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i ctr0"; target = "ACCEPT"; } { predicate = "-i ctr0"; target = "ACCEPT"; }
]; ];
krebs.iptables.tables.filter.FORWARD.rules = [
{ predicate = "-i ctr0"; target = "ACCEPT"; }
{ predicate = "-o ctr0"; target = "ACCEPT"; }
];
}) })
(lib.mkIf cfg.inContainer.enable { (lib.mkIf cfg.inContainer.enable {
users.groups.container_sync = {}; users.groups.container_sync = {};