From 52377b4b2ae25b4dd45fe5f5bd08ed904b6cfc02 Mon Sep 17 00:00:00 2001
From: Vincenzo Longobardi
Date: Mon, 20 May 2024 22:32:15 +0200
Subject: [PATCH] fix(firewall): docker external ports issue
---
 firewall/firewall/rules/rules.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/firewall/firewall/rules/rules.go b/firewall/firewall/rules/rules.go
index d58fe3e..c1831d8 100644
--- a/firewall/firewall/rules/rules.go
+++ b/firewall/firewall/rules/rules.go
@@ -23,7 +23,10 @@ func getIPTablesCommand(config configuration.Configuration, service services.Ser
 } }()), service.Chain, "-p", service.Protocol,
- "--dport", fmt.Sprintf("%v", service.Port),
+ // taken from:
+ // https://docs.docker.com/network/packet-filtering-firewalls/#match-the-original-ip-and-ports-for-requests
+ "-m", "conntrack",
+ "--ctorigdstport", fmt.Sprintf("%v", service.Port),
 "-j", "NFQUEUE", "--queue-num", fmt.Sprintf("%v", service.Nfq), )
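Review bot: The new `"-m", "conntrack", "--ctorigdstport"` match in getIPTablesCommand is evaluated against the connection's conntrack entry rather than the packet header, so unlike the old `--dport` it also matches reply-direction packets of the same connection when no direction is given. Whether replies traverse `service.Chain` is not visible in this hunk, but if only client-to-service traffic is meant to reach the NFQUEUE filter, add `"--ctdir", "ORIGINAL",` after the `--ctorigdstport` line. The added comment only cites the Docker page; it would help to state the reason as well, e.g. `// Docker DNATs published ports before this chain, so match the original (host) port via conntrack instead of --dport`. The function body begins and ends outside the hunk, so the chain and the queue fail-open/fail-closed behaviour should be checked against the full file.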