Allow container SSH through iptables DOCKER-USER chain (#100)

arush070 · web-flow · commit 9cbd8cbb1bb7 · 2026-03-15T10:11:45.000+05:30
* fix(shadeform): allow container SSH through iptables DOCKER-USER chain

* fix(shadeform): update comment to clarify dport 22 scope
diff --git a/v1/providers/shadeform/firewall.go b/v1/providers/shadeform/firewall.go
@@ -36,6 +36,9 @@ const (
 	// Allow inbound traffic on the loopback interface.
 	ipTablesAllowDockerUserInpboundLoopback = "iptables -A DOCKER-USER -i lo -j ACCEPT"
 
+	// Allow external inbound TCP traffic to any container port 22 (SSH)
+	ipTablesAllowDockerUserContainerSSH = "iptables -A DOCKER-USER -p tcp --dport 22 -j ACCEPT"
+
 	// Drop everything else.
 	ipTablesDropDockerUserInbound = "iptables -A DOCKER-USER -j DROP"
 	ipTablesReturnDockerUser      = "iptables -A DOCKER-USER -j RETURN"
@@ -91,6 +94,7 @@ func (c *ShadeformClient) getIPTablesCommands() []string {
 		ipTablesAllowDockerUserDockerToDocker2,
 		ipTablesAllowDockerUserDockerToDocker3,
 		ipTablesAllowDockerUserInpboundLoopback,
+		ipTablesAllowDockerUserContainerSSH,
 		ipTablesDropDockerUserInbound,
 		ipTablesReturnDockerUser, // Expected by Docker
 	}
