From 44faa84695a5df7a0a3c3a35520d70f255b9fe53 Mon Sep 17 00:00:00 2001
From: Eric Brown <ecbrown@ericcbrown.com>
Date: Sun, 30 May 2021 22:00:52 +0100
Subject: [PATCH] doc: Updated iptables example

* doc/guix.texi (iptables): Update iptables example to allow (functioning) outbound SSH
---
 doc/guix.texi | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index dc10e88123..71851ca0b1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -16427,6 +16427,7 @@ configuration rejecting all incoming connections except those to the ssh port
 :INPUT ACCEPT
 :FORWARD ACCEPT
 :OUTPUT ACCEPT
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 -A INPUT -p tcp --dport 22 -j ACCEPT
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
 COMMIT
@@ -16435,6 +16436,7 @@ COMMIT
 :INPUT ACCEPT
 :FORWARD ACCEPT
 :OUTPUT ACCEPT
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 -A INPUT -p tcp --dport 22 -j ACCEPT
 -A INPUT -j REJECT --reject-with icmp6-port-unreachable
 COMMIT
-- 
2.32.0.rc0