From 90cf5b1684b6221797b39af306c3fee9ce5bdb9e Mon Sep 17 00:00:00 2001
From: Josh Jacobs <josh@joshjacobs.net>
Date: Thu, 21 Oct 2021 19:05:36 +0100
Subject: [PATCH] fix: allow bi-directional traffic initiation

---
 docker-compose.yml | 4 ++--
 entrypoint.sh      | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 091b1cc..f6e8456 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,8 +7,8 @@ services:
       context: .
       dockerfile: Dockerfile
       args:
-        ARCH: arm64
-        VERSION: 1.6.5
+        ARCH: amd64
+        VERSION: 1.6.6
     restart: always
     privileged: true
     volumes:
diff --git a/entrypoint.sh b/entrypoint.sh
index 03ef326..7135efb 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -31,11 +31,12 @@ do
 
   if [ "$ZT_BRIDGE" = "true" ]
   then
-    echo "iptables on $(zerotier-cli get $n portDeviceName)"
+    echo "Configuring iptables on $(zerotier-cli get $n portDeviceName)"
     PHY_IFACE=eth0; ZT_IFACE=$(zerotier-cli get $n portDeviceName)
 
     iptables -t nat -A POSTROUTING -o $PHY_IFACE -j MASQUERADE
-    iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
+    iptables -t nat -A POSTROUTING -o $ZT_IFACE -j MASQUERADE
+    iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -j ACCEPT
     iptables -A FORWARD -i $ZT_IFACE -o $PHY_IFACE -j ACCEPT
   fi
 done