From 12da3d0f4c151f8c1bdbff8a7b9a09a68d15a6c8 Mon Sep 17 00:00:00 2001
From: gyurix
Date: Sun, 27 Feb 2022 15:19:52 +0000
Subject: [PATCH] Checking host related iptables settings and preparing DOCKER-USER chain for source port check.

---
 firewall/firewall-add | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/firewall/firewall-add b/firewall/firewall-add
index 6ffacd5..7eb37e7 100755
--- a/firewall/firewall-add
+++ b/firewall/firewall-add
@@ -111,8 +111,13 @@ for source_ip_index in $(seq 1 $COUNT_SOURCE_IP) ; do
 #############################
 # NSENTER Specific settings #
-if [[ "$PREROUTING" == "true" ]] || [[ "$POSTROUTING" == "true" ]] ; then
- NS_IPTABLES="nsenter -t $(docker inspect --format {{.State.Pid}} $NAME) -n -- $IPTABLES -t nat";
+if [[ "$PREROUTING" == "true" ]] || [[ "$POSTROUTING" == "true" ]] || [[ "$HOST" == "true" ]] ; then
+ if [ "$HOST" == "true" ] ; then
+ NS_IPTABLES="/sbin/iptables -t nat";
+ else
+ NS_IPTABLES="nsenter -t $(docker inspect --format {{.State.Pid}} $NAME) -n -- $IPTABLES -t nat";
+ fi
 debug "iptables: "$NS_IPTABLES;
@@ -146,7 +151,7 @@ else
 done
 fi
- $IPTABLES -I $CHAIN -s $SOURCE_IP -d $TARGET_IP -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j ACCEPT
+ $IPTABLES -I $CHAIN -s $SOURCE_IP --sport $SOURCE_PORT -d $TARGET_IP -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j ACCEPT
 #############################
 fi
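Review bot: The host branch hard-codes `/sbin/iptables -t nat` while the container branch, and the ACCEPT rule later in this patch, go through `$IPTABLES`; if `$IPTABLES` has been pointed at a specific binary or backend (for example iptables-legacy versus iptables-nft), the host NAT rules would be written with a different tool than the filter rules and could land in a ruleset that is evaluated separately or not at all. Use the same variable here: `NS_IPTABLES="$IPTABLES -t nat";`. A smaller point of style: the new test is `[ "$HOST" == "true" ]` while the line above uses `[[ ... ]]`, and `==` inside single brackets is a bashism that POSIX `test` does not guarantee, so `if [[ "$HOST" == "true" ]] ; then` keeps the file consistent. The `if` opened in this hunk closes outside it, so the PREROUTING/POSTROUTING handling that consumes `NS_IPTABLES` on the host is not visible here.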
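Review bot: `--sport $SOURCE_PORT` is placed before `-p $PROTOCOL`, but iptables only accepts the port options once `-p` has loaded the protocol match, so this invocation is likely to be rejected with an "unknown option" error instead of installing the rule; move it after the protocol, `-p $PROTOCOL --sport $SOURCE_PORT --dport $TARGET_PORT`. The option is also unconditional: when `SOURCE_PORT` is empty the following `-d` is consumed as the port value and the rule fails, so either validate `SOURCE_PORT` as a port or port range before this line or add the option only when it is set, e.g. `sport_opt=(); [[ -n "$SOURCE_PORT" ]] && sport_opt=(--sport "$SOURCE_PORT")` and then `"${sport_opt[@]}"` in the command. Note that the source port is chosen by the peer, so a `--sport` match narrows an ACCEPT rule only against well-behaved clients and does not replace the `-s` restriction. The `if`/`else` this line belongs to begins outside the hunk.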