#!/bin/bash

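# Firewall rules for LXC containers attached to the br0 bridge.
#
# Rules are appended, so they are evaluated after anything already in the
# chain: an earlier DROP/REJECT still takes precedence over these ACCEPTs.
# Review the complete ruleset with `iptables -S` and `iptables -t nat -S`.

# Bridge the containers are attached to.
bridge_if=br0

# Container network. iptables applies the mask to the address, so the host
# bits in 192.0.2.2 are ignored and every address in 192.0.2.0/24 matches.
container_net=192.0.2.2/255.255.255.0

#######################################
# Append a rule unless an identical one is already present, so running this
# script again (reboot hook, network restart) does not pile up duplicates.
# Arguments: $1 - table (filter, nat)
#            $2 - chain
#            $3... - rule specification, passed to iptables unchanged
# Returns:   0 if the rule exists or was appended, otherwise the exit
#            status of the failed `iptables -A`
#######################################
ensure_rule() {
  local table=$1
  local chain=$2
  shift 2

  # -C exits non-zero when the rule is absent; its message is expected noise
  # here. A real failure (not root, missing module) shows up again on -A.
  if /sbin/iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
    return 0
  fi
  /sbin/iptables -t "$table" -A "$chain" "$@"
}

# Accept from containers to LXC controller.
# NOTE(review): no protocol or port match, so every service the controller
# listens on is reachable from the containers. Narrow this to the ports the
# containers actually need if they are not fully trusted.
ensure_rule filter INPUT -i "$bridge_if" -s "$container_net" -j ACCEPT

# Accept from LXC controller to containers
ensure_rule filter OUTPUT -o "$bridge_if" -d "$container_net" -j ACCEPT

# Accept from containers to containers
ensure_rule filter FORWARD -i "$bridge_if" -o "$bridge_if" \
  -s "$container_net" -d "$container_net" -j ACCEPT

# Accept from containers to outside.
# NOTE(review): there is no source match, so anything arriving on the bridge
# is forwarded whatever source address it claims, and the container-to-
# container rule above is a subset of this one. Adding -s "$container_net"
# would limit forwarding to the addresses that are also masqueraded below.
ensure_rule filter FORWARD -i "$bridge_if" -j ACCEPT

# Accept ESTABLISHED from outside to containers
# Required in fortress mode
# NOTE(review): `-m state --state` is the legacy spelling of
# `-m conntrack --ctstate`; kept as is so existing rule listings still match.
ensure_rule filter FORWARD -o "$bridge_if" \
  -m state --state ESTABLISHED,RELATED -j ACCEPT

# MASQUERADE containers getting outside
ensure_rule nat POSTROUTING -s "$container_net" ! -o "$bridge_if" \
  -j MASQUERADE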
