Fix internet access for microk8s pods

etc_iptables.conf

# see https://unrouted.io/2017/08/15/docker-firewall/
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FILTERS - [0:0]
:DOCKER-USER - [0:0]

-F INPUT
-F DOCKER-USER
-F FILTERS

-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
-A INPUT -j FILTERS

# you may need to change this, replace eno1 with the nic bound to your external ip
-A DOCKER-USER -i eno1 -j FILTERS
-A DOCKER-USER -i cbr0 -j FILTERS

-A FILTERS -m state --state ESTABLISHED,RELATED -j ACCEPT
# open access for dev
-A FILTERS -m state --state NEW -s 0.0.0.0/0 -j ACCEPT

# you might want more restructive permissions
#-A FILTERS -m state --state NEW -s 192.168.0.0/24 -j ACCEPT
#-A FILTERS -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
#-A FILTERS -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
#-A FILTERS -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
#-A FILTERS -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

# Log&Reject everything else
-A FILTERS -j LOG --log-prefix "IPTables-Dropped: "
-A FILTERS -j REJECT --reject-with icmp-host-prohibited

COMMIT

etc_systemd_system_iptables.service

# see https://unrouted.io/2017/08/15/docker-firewall/

[Unit]
Description=Restore iptables firewall rules
Before=network-pre.target

[Service]
Type=oneshot
ExecStart=/sbin/iptables-restore -n /etc/iptables.conf

[Install]
WantedBy=multi-user.target