From c38b7e1918ea792cc6d01fa4c8296fe6ef456894 Mon Sep 17 00:00:00 2001
From: Magic_RB
Date: Mon, 19 Jun 2023 01:10:07 +0200
Subject: [PATCH] Allow communication between containers

Signed-off-by: Magic_RB
---
 nixos/systems/blowhole/firewall.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nixos/systems/blowhole/firewall.nix b/nixos/systems/blowhole/firewall.nix
index 8f3e95e..b6d7de9 100644
--- a/nixos/systems/blowhole/firewall.nix
+++ b/nixos/systems/blowhole/firewall.nix
@@ -210,6 +210,8 @@ in
 iifname { "nomad", "docker0", "ve-monitor", "ve-klipper" } oifname { "${lan}" } ip daddr 10.64.2.1 udp dport { 111, 2049, 4000, 4001, 4002, 20048 } accept
 iifname { "nomad", "docker0", "ve-monitor", "ve-klipper" } oifname { "${lan}" } ip saddr 10.64.2.1 udp sport { 111, 2049, 4000, 4001, 4002, 20048 } accept
+ # allow communication between all container interfaces
+ iifname { "nomad", "ve-monitor", "ve-klipper" } oifname { "nomad", "ve-monitor", "ve-klipper" } accept
 # Rules to make CNI happy
 meta mark and 0x01 == 0x01 accept
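Review bot: The added accept rule permits every protocol, port and direction between nomad, ve-monitor and ve-klipper, which drops the per-flow segmentation that the two context lines above maintain for the same interfaces (they pin the LAN-side traffic to one address and an explicit port set); if the containers only need specific flows, narrow the rule to them, and otherwise at least fix which side may initiate, e.g. `iifname { "ve-monitor" } oifname { "nomad", "ve-klipper" } ct state new accept` paired with `iifname { "nomad", "ve-monitor", "ve-klipper" } oifname { "nomad", "ve-monitor", "ve-klipper" } ct state { established, related } accept` for the return path. docker0 is part of the interface sets on the neighbouring rules but absent from the new one, so the comment should state whether that is deliberate, e.g. `# allow communication between all container interfaces (docker0 intentionally excluded)`. The chain this rule lives in starts outside the hunk, so whether its policy is drop and whether an earlier conntrack rule already handles return traffic cannot be confirmed from here.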