From 8712db3763aeb79816f0a58a8dde688f6dbad619 Mon Sep 17 00:00:00 2001
From: lub <git@lubiland.de>
Date: Tue, 27 Aug 2019 04:07:27 +0200
Subject: [PATCH] additionally create chain rule in OUTPUT otherwise they won't
 work locally on the swarm workers

---
 expose_forwards.ps1 | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/expose_forwards.ps1 b/expose_forwards.ps1
index 5e176d8..ae6b8bb 100644
--- a/expose_forwards.ps1
+++ b/expose_forwards.ps1
@@ -98,7 +98,13 @@ function Get-DockerIngressAddress {
 # setup SWARM-NAT chain
 Write-Output ('Create chain {0}' -f $Chain)
 Add-IptablesChain -Chain $Chain
-Add-IptablesRule -Chain 'PREROUTING' -Rule '-m','addrtype','--dst-type','LOCAL','-j',$Chain
+$chain_rule = @(
+    '-m','addrtype'
+    '--dst-type','LOCAL'
+    '-j',$Chain
+)
+Add-IptablesRule -Chain 'PREROUTING' -Rule $chain_rule
+Add-IptablesRule -Chain 'OUTPUT' -Rule $chain_rule
 
 
 $ingress_address = Get-DockerIngressAddress