From b358f122dfab9a922f3502d3f3d46895042f9a7d Mon Sep 17 00:00:00 2001
From: Manevolent
Date: Sun, 23 Apr 2023 20:28:50 -0600
Subject: [PATCH] Update tinc-up.tmpl
---
 tinc/tinc-up.tmpl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tinc/tinc-up.tmpl b/tinc/tinc-up.tmpl
index 23697db..4f9cc26 100644
--- a/tinc/tinc-up.tmpl
+++ b/tinc/tinc-up.tmpl
@@ -16,7 +16,8 @@ iptables -t nat -I PREROUTING -d {{ . }} -i eth0 -j DNAT --to-destination ${tinc
 # Plugins may communicate over eth0, the 'internal' docker network.
 # Because of this, we should allow masquerading NAT through eth0
 iptables -A FORWARD -i eth0 -o \$INTERFACE -j ACCEPT
-iptables -t nat -A POSTROUTING -i eth0 -o \$INTERFACE -j MASQUERADE
+iptables -t nat -A PREROUTING -i eth0 -j MARK --set-mark 1
+iptables -t nat -A POSTROUTING -m mark --mark 1 -o \$INTERFACE -j MASQUERADE
 # Prevent spoofing attacks
 iptables -A FORWARD -i \$INTERFACE ! -s ${network_address}/${global_prefix:-16} -j DROP
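Review bot: The new MARK rule is appended to nat PREROUTING, while the DNAT rule visible in the hunk header is inserted with `-I` ahead of it; DNAT is a terminating target, so eth0 packets that match a DNAT rule never reach `--set-mark 1` and would leave \$INTERFACE without being masqueraded (assuming those flows are meant to be covered; the rest of the template is outside the hunk). Setting the mark in the mangle table, which is traversed before nat PREROUTING, removes that ordering dependency: `iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-xmark 0x1/0x1` paired with `iptables -t nat -A POSTROUTING -m mark --mark 0x1/0x1 -o \$INTERFACE -j MASQUERADE`. The masked form also avoids overwriting, or exact-matching against, mark bits that any other rule set in the same network namespace may rely on. A one-line comment above the pair, such as `# -i cannot be matched in POSTROUTING, so tag eth0 ingress with a mark first`, would explain why the mark exists.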