From 356bb8e0d3f9add02e177a3bdfa9314e1369748e Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 8 Feb 2016 02:19:38 +0100
Subject: [PATCH] tv.iptables: redirect 11423 locally too

---
 tv/3modules/iptables.nix | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix
index 9d5b5d075..a4ebef44f 100644
--- a/tv/3modules/iptables.nix
+++ b/tv/3modules/iptables.nix
@@ -68,12 +68,13 @@ let
       :INPUT ACCEPT [0:0]
       :OUTPUT ACCEPT [0:0]
       :POSTROUTING ACCEPT [0:0]
-      ${concatMapStringsSep "\n" (rule: "-A PREROUTING ${rule}") ([]
-        ++ [
-          "! -i retiolum -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0"
-          "-p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22"
-        ]
-      )}
+      ${concatMapStringsSep "\n" (rule: "-A PREROUTING ${rule}") [
+        "! -i retiolum -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0"
+        "-p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22"
+      ]}
+      ${concatMapStringsSep "\n" (rule: "-A OUTPUT ${rule}") [
+        "-o lo -p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22"
+      ]}
       COMMIT
       *filter
       :INPUT DROP [0:0]
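Review bot: The new `-A OUTPUT` entry at the end of the nat section has no comment saying why it is needed, and the rule alone does not show it: locally generated connections do not traverse nat PREROUTING, so the existing 11423 redirect never applies to clients on the host itself. I would add a Nix comment inside the interpolation, for example `# locally generated packets skip nat PREROUTING; redirect loopback clients here`. The redirected packet then arrives on `lo` with destination port 22, so this only works if the filter INPUT chain (policy DROP, rules outside this hunk) accepts loopback traffic, which is worth confirming. If this ruleset is loaded for IPv4 only, which is not visible here, connections to `::1` on 11423 will not be redirected. The enclosing `let` binding starts and ends outside the hunk.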