From 73832d8b49fa62feef678a5b48d85f321728f452 Mon Sep 17 00:00:00 2001
From: Quentin McGaw
Date: Fri, 26 Jul 2024 11:40:12 +0000
Subject: [PATCH] hotfix(firewall): add iptables `-m` flag for input port instructions
---
 internal/firewall/iptables.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/internal/firewall/iptables.go b/internal/firewall/iptables.go
index c409fb5b..5cbb8848 100644
--- a/internal/firewall/iptables.go
+++ b/internal/firewall/iptables.go
@@ -196,8 +196,8 @@ func (c *Config) acceptInputToPort(ctx context.Context, intf string, port uint16
 interfaceFlag = ""
 }
 return c.runMixedIptablesInstructions(ctx, []string{
- fmt.Sprintf("%s INPUT %s -p tcp --dport %d -j ACCEPT", appendOrDelete(remove), interfaceFlag, port),
- fmt.Sprintf("%s INPUT %s -p udp --dport %d -j ACCEPT", appendOrDelete(remove), interfaceFlag, port),
+ fmt.Sprintf("%s INPUT %s -p tcp -m tcp --dport %d -j ACCEPT", appendOrDelete(remove), interfaceFlag, port),
+ fmt.Sprintf("%s INPUT %s -p udp -m udp --dport %d -j ACCEPT", appendOrDelete(remove), interfaceFlag, port),
 })
 }
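Review bot: The two new `fmt.Sprintf` lines carry no comment saying why `-m tcp` / `-m udp` must be spelled out, and since `-p tcp --dport` normally loads that match implicitly, a later cleanup could drop it again and reintroduce whatever this hotfix repairs. I would add a line above them such as `// explicit -m <proto>: <reason the implicit match is not enough, per the bug this hotfix addresses>`. Because the same format string serves both append and delete via `appendOrDelete(remove)`, a unit test pinning the exact generated instructions would also help: an ACCEPT rule whose delete form stops matching stays in INPUT and leaves the port open. The body of `acceptInputToPort` starts outside this hunk, so how `interfaceFlag` is derived from `intf` is not visible here.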