From 32d1641b6ed3d5b9400e73242247a630756e8e67 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 9 Oct 2019 13:33:07 -0400
Subject: [PATCH] Firewall Module - Fix some docker iptables issues
---
 salt/firewall/init.sls | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index 2489b1f47..68d1f66cd 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -6,6 +6,21 @@
 {%- elif grains['role'] == 'so-sensor' %}
 {%- set ip = salt['pillar.get']('sensor:mainip', '') %}
 {%- endif %}
+# Quick Fix for Docker being difficult
+iptables_fix_docker:
+ iptables.chain_present:
+ - name: DOCKER-USER
+ - table: filter
+
+# Add the Forward Rule since Docker ripped it out
+iptables_fix_fwd:
+ iptables.insert:
+ - table: filter
+ - chain: FORWARD
+ - jump: ACCEPT
+ - position: 1
+ - target: DOCKER-USER
+
 # Keep localhost in the game
 iptables_allow_localhost:
 iptables.append:
@@ -238,7 +253,7 @@ enable_master_playbook_3200_{{ip}}:
 - dport: 3200
 - position: 1
 - save: True
-
+
 enable_master_navigator_4200_{{ip}}:
 iptables.insert:
 - table: filter
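Review bot: `iptables_fix_fwd` inserts an unconditional `jump: ACCEPT` at position 1 of the filter FORWARD chain, so every forwarded packet is accepted before DOCKER-USER or any later FORWARD rule is evaluated, which is broader than the comment's stated goal of restoring the rule Docker removed. In Salt's iptables state the `-j` destination is given by `jump`; `target` is, as far as I can tell, not the key for it, so the rule should probably read `- jump: DOCKER-USER` with the `- target: DOCKER-USER` line dropped. Neither new state sets `- save: True`, unlike the playbook rule visible in the second hunk, so the fix may not persist across a reload; worth confirming that is intended.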