From 66cd0a39365032c9568daa76af403ae5a8895c5f Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Thu, 14 May 2020 17:00:05 +0200
Subject: [PATCH] Update to 2020-05-14 17:00
---
 roles/iptables/defaults/main.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/roles/iptables/defaults/main.yml b/roles/iptables/defaults/main.yml
index 830ca1c..37a0c80 100644
--- a/roles/iptables/defaults/main.yml
+++ b/roles/iptables/defaults/main.yml
@@ -16,6 +16,8 @@ iptables_default_head: |
 -A INPUT -i lo -j ACCEPT
 -A INPUT -m state --state NEW -p tcp --dport 22 -s {{ trusted_ip | default(['0.0.0.0/0']) | join(',') }} -j ACCEPT
 -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+ -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+ -A FORWARD -m state --state INVALID -j DROP
 iptables_default_tail: |
 -A INPUT -j LOGDENY
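Review bot: The two FORWARD rules land in `iptables_default_head`, which is the default for every host using this role, and neither the hunk nor the commit message says why forwarded traffic now needs stateful handling by default. `RELATED` also matches flows announced by conntrack helpers, so on hosts that actually route traffic this accept is only as tight as the helper configuration; that deserves a comment such as `# FORWARD: accept return traffic of flows allowed by later rules, drop what conntrack cannot classify` above the `iptables_default_head` key, which sits outside the hunk. Whether the FORWARD chain ends in a drop or a LOGDENY jump like INPUT does is not visible here and is worth confirming. The rules keep the file's existing `-m state` match; `-m conntrack --ctstate` is the current form if the role is modernised later.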