From 635ed54c3bdc6a6f9b0a7ff8d112391c641519d4 Mon Sep 17 00:00:00 2001
From: Athos Ribeiro
Date: Thu, 14 May 2015 21:15:29 -0300
Subject: [PATCH] Add forwarding rules for external ssh connection
---
 cookbooks/firewall/templates/host-reverseproxy/iptables-filter.erb | 4 ++++
 1 file changed, 4 insertions(+), 0 deletions(-)
diff --git a/cookbooks/firewall/templates/host-reverseproxy/iptables-filter.erb b/cookbooks/firewall/templates/host-reverseproxy/iptables-filter.erb
index 269f4f7..f5f2451 100644
--- a/cookbooks/firewall/templates/host-reverseproxy/iptables-filter.erb
+++ b/cookbooks/firewall/templates/host-reverseproxy/iptables-filter.erb
@@ -7,3 +7,7 @@
 # Real SSH connection
 -A INPUT -s <%= node['peers']['integration'] %> -p tcp -m state --state NEW --dport <%= node['config']['alt_ssh_port'] %> -j ACCEPT
+
+# Allow forwarding to integration on port 22
+-A FORWARD -p tcp -d <%= node['peers']['integration'] %> --dport 22 -j ACCEPT
+-A FORWARD -s <%= node['peers']['integration'] %> -p tcp --sport 22 -j ACCEPT
-- 
libgit2 0.21.2
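Review bot: The return rule on the last added line is stateless: it accepts any TCP packet from the integration peer with source port 22, to any destination, whether or not it belongs to a connection that was forwarded in. The INPUT rule just above matches `-m state --state NEW`, but neither FORWARD rule uses connection tracking; I would write them as `-A FORWARD -p tcp -d <%= node['peers']['integration'] %> --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT` and `-A FORWARD -s <%= node['peers']['integration'] %> -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT`. The first rule also has no source or inbound-interface match, so SSH on integration is accepted from every network this host forwards for; if that is the intent, extend the comment to say so, e.g. `# Allow forwarding to integration on port 22 from any source (public SSH entry point)`. The rest of the filter template, the FORWARD policy and any nat rules are outside this hunk, so an existing ESTABLISHED rule may already cover the return path.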