From 914014809b7104f8bc203d3772a0568fed779f8f Mon Sep 17 00:00:00 2001
From: Greg Richardson
Date: Sat, 22 Apr 2023 16:31:46 -0600
Subject: [PATCH] feat: allow connections to internal networks
---
 client/main.go | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/client/main.go b/client/main.go
index fcfa46f..90fef71 100644
--- a/client/main.go
+++ b/client/main.go
@@ -186,4 +186,29 @@ func main() {
 fmt.Printf("Failed to add iptables nat rule: %v\n", err)
 os.Exit(ExitSetupFailed)
 }
+
+ fmt.Println("Adding iptables filter rules for WireGuard interface")
+
+ // Add iptables filter rules to always accept traffic between
+ // a container and the Wireguard interface.
+ // Required to connect to `internal` Docker networks.
+ err = ipt.AppendUnique(
+ "filter", "DOCKER-USER",
+ "-o", interfaceName,
+ "-j", "ACCEPT",
+ )
+ if err != nil {
+ fmt.Printf("Failed to add iptables filter rule: %v\n", err)
+ os.Exit(ExitSetupFailed)
+ }
+
+ err = ipt.AppendUnique(
+ "filter", "DOCKER-USER",
+ "-i", interfaceName,
+ "-j", "ACCEPT",
+ )
+ if err != nil {
+ fmt.Printf("Failed to add iptables filter rule: %v\n", err)
+ os.Exit(ExitSetupFailed)
+ }
 }
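Review bot: The two `DOCKER-USER` rules added here accept every forwarded packet that enters or leaves `interfaceName`, with no source or destination network and no connection-state match; since `DOCKER-USER` is evaluated before Docker's own isolation chains and ACCEPT is terminal, this opens more than the `internal` networks the comment names. If only tunnel-initiated connections are intended (an assumption, the hunk does not say), the `-o` rule can be limited to replies with `"-o", interfaceName, "-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED", "-j", "ACCEPT",`, and the `-i` rule scoped with `-d` to the internal subnets actually needed. Because the rules are appended, they also land after anything already in the chain (older Docker releases seed it with `-j RETURN`), in which case they would never match, so rule order is worth confirming with `iptables -S DOCKER-USER` after startup. `main` starts outside the hunk, so whether these rules are removed on shutdown is not visible here.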