%if not %%is_defined('type_amon')
#!/bin/bash
%end if
# Firewall rules for the br0 bridge that connects the LXC controller (host)
# to its containers.
#
# This file is a template: the shebang above is emitted only when the
# type_amon variable is not defined, and the adresse_network_br0 and
# adresse_netmask_br0 placeholders are presumably substituted by the template
# engine before the script runs (TODO confirm which variant is executed
# standalone and which is included in a larger ruleset).
#
# Every rule uses -A (append), so:
#   - a rule only takes effect if no earlier rule in the same chain has
#     already matched the packet;
#   - running this script twice adds each rule twice, as nothing here
#     flushes or checks for an existing rule.

# Accept from containers to LXC controller
# NOTE(review): no protocol or port match, so every service listening on the
# host is reachable from any address in the bridge network. Confirm this is
# intended, since a compromised container gets the same reach.
/sbin/iptables -A INPUT -i br0 -s %%adresse_network_br0/%%adresse_netmask_br0 -j ACCEPT

# Accept from LXC controller to containers
/sbin/iptables -A OUTPUT -o br0 -d %%adresse_network_br0/%%adresse_netmask_br0 -j ACCEPT

# Accept from containers to containers
# Matches only packets that both enter and leave through br0 with source and
# destination inside the bridge network.
# NOTE(review): there is no isolation between containers; the broader
# "-i br0" FORWARD rule below would also accept this traffic.
/sbin/iptables -A FORWARD -i br0 -o br0 -s %%adresse_network_br0/%%adresse_netmask_br0 -d %%adresse_network_br0/%%adresse_netmask_br0 -j ACCEPT

# Accept from containers to outside
# NOTE(review): this rule matches on the input interface only. It has no
# source match, so a packet entering on br0 with a source address outside the
# bridge network is forwarded too, and the MASQUERADE rule at the end would
# not rewrite it because that rule does match on source. Consider whether the
# same -s network/netmask restriction used by the other rules is wanted here.
/sbin/iptables -A FORWARD -i br0 -j ACCEPT

# Accept ESTABLISHED and RELATED from outside to containers
# Required in fortress mode
# Lets reply traffic for connections the containers opened come back in.
# RELATED also admits packets that connection tracking associates with an
# existing connection, not only direct replies.
# NOTE(review): "-m state" is the legacy match; "-m conntrack --ctstate" is
# the current equivalent.
/sbin/iptables -A FORWARD -o br0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# MASQUERADE containers getting outside
# Source NAT for packets from the bridge network that leave through any
# interface other than br0 ("! -o br0"); traffic staying on the bridge keeps
# its original source address.
/sbin/iptables -t nat -A POSTROUTING -s %%adresse_network_br0/%%adresse_netmask_br0 ! -o br0 -j MASQUERADE
