From c6b78b9d31ef832f862d08aa0e59270ff50528aa Mon Sep 17 00:00:00 2001
From: Josh Poimboeuf
Date: Fri, 24 Jan 2014 22:22:53 -0600
Subject: [PATCH] network: add publicly mapped ports to FORWARD table

Allow publicly mapped ports to be made public beyond the host. This is needed for distros like Fedora and RHEL which have a reject all rule at the end of their FORWARD table.

Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf (github: jpoimboe)
---
 iptables/iptables.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/iptables/iptables.go b/iptables/iptables.go
index 0438bcb..2df9365 100644
--- a/iptables/iptables.go
+++ b/iptables/iptables.go
@@ -73,6 +73,23 @@ func (c *Chain) Forward(action Action, ip net.IP, port int, proto, dest_addr str
 	} else if len(output) != 0 {
 		return fmt.Errorf("Error iptables forward: %s", output)
 	}
+
+	fAction := action
+	if fAction == Add {
+		fAction = "-I"
+	}
+	if output, err := Raw(string(fAction), "FORWARD",
+		"!", "-i", c.Bridge,
+		"-o", c.Bridge,
+		"-p", proto,
+		"-d", daddr,
+		"--dport", strconv.Itoa(port),
+		"-j", "ACCEPT"); err != nil {
+		return err
+	} else if len(output) != 0 {
+		return fmt.Errorf("Error iptables forward: %s", output)
+	}
+
 	return nil
 }
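Review bot: The new FORWARD rule matches on `daddr` and `port`, the host-side address and published port, but the FORWARD chain only sees a packet after the nat-table DNAT has already rewritten its destination to the container address and port, so this ACCEPT rule will not match the forwarded traffic and the distro's reject-all rule it was meant to bypass still applies. The match should use the destination that the DNAT produces, i.e. `"-d", dest_addr,` and `"--dport", strconv.Itoa(dest_port),` — the signature is truncated by the hunk header, so confirm the name of the destination-port parameter before changing it. Scoping the ACCEPT to the container address also keeps the opening exactly as narrow as the mapping itself, whereas `daddr` is computed outside the hunk and may be a wildcard value. The two error branches return the identical message `Error iptables forward: %s`, so a failure cannot be attributed to the nat or the FORWARD call; `Error iptables forward (FORWARD): %s` on the new branch would disambiguate. Forward's body begins before this hunk.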