From 71ab0416b06760e2cda7059f810a7979ff1e0cf7 Mon Sep 17 00:00:00 2001
From: Quentin McGaw
Date: Mon, 11 Apr 2022 21:05:12 +0000
Subject: [PATCH] fix(iptables): use `OUTPUT` chain for test instead of `INPUT`
---
 internal/firewall/support.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/internal/firewall/support.go b/internal/firewall/support.go
index 3b2126ef..33f9568f 100644
--- a/internal/firewall/support.go
+++ b/internal/firewall/support.go
@@ -22,7 +22,7 @@ func checkIptablesSupport(ctx context.Context, runner command.Runner,
 var errMessage string
 testInterfaceName := randomInterfaceName()
 for _, iptablesPath = range iptablesPathsToTry {
- cmd := exec.CommandContext(ctx, iptablesPath, "-A", "INPUT", "-i", testInterfaceName, "-j", "DROP")
+ cmd := exec.CommandContext(ctx, iptablesPath, "-A", "OUTPUT", "-o", testInterfaceName, "-j", "DROP")
 errMessage, err = runner.Run(cmd)
 if err == nil {
 break
@@ -42,7 +42,7 @@ func checkIptablesSupport(ctx context.Context, runner command.Runner,
 }
 
 // Cleanup test rule
- cmd := exec.CommandContext(ctx, iptablesPath, "-D", "INPUT", "-i", testInterfaceName, "-j", "DROP")
+ cmd := exec.CommandContext(ctx, iptablesPath, "-D", "OUTPUT", "-o", testInterfaceName, "-j", "DROP")
 errMessage, err = runner.Run(cmd)
 if err != nil {
 return "", fmt.Errorf("%w: %s (%s)", ErrTestRuleCleanup, errMessage, err)
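Review bot: The probe rule in the loop is now appended to the live `OUTPUT` chain with `-j DROP`, so it is harmless only if `randomInterfaceName()` never returns the name of a real interface, and nothing at the call site says so. That helper is not visible in this hunk; if it could ever produce an existing name, outbound traffic on that interface would be dropped until the cleanup runs. I would add a comment above the `cmd :=` line, for example `// Probe rule: DROP on a random, non-existent output interface so it matches no traffic; deleted below.` The same comment should record why `OUTPUT`/`-o` is probed rather than `INPUT`/`-i`, since the commit message does not give the reason. The function body starts before and continues after this hunk.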
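Review bot: The cleanup command after `// Cleanup test rule` reuses the caller's `ctx`, so if that context is cancelled after the `-A` succeeded, the `-D` is not executed and the test DROP rule stays in `OUTPUT`. Presumably the rule matches no traffic, but repeated interrupted starts would leave stray entries in a chain that operators audit. Consider running the delete on its own short-lived context, e.g. `cleanupCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)` followed by `defer cancel()`. The timeout is an example value, and `time` would need importing if the file does not already import it. Separately, the add and delete argument lists are duplicated by hand; building the rule arguments once and varying only `-A`/`-D` would keep a later edit from changing one without the other. The function body starts before this hunk.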