From d01870f12a1190e06f69b564f67c81df69553f58 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zolt=C3=A1n=20Felleg?=
Date: Mon, 5 Aug 2019 10:25:54 +0200
Subject: [PATCH] Updated efg.pm.f30 (added a missing nft rule).

---
 sources/efg.pm.f30/firstboot/nftables.config | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sources/efg.pm.f30/firstboot/nftables.config b/sources/efg.pm.f30/firstboot/nftables.config
index 0043e6b..59b6b17 100644
--- a/sources/efg.pm.f30/firstboot/nftables.config
+++ b/sources/efg.pm.f30/firstboot/nftables.config
@@ -200,6 +200,13 @@ add rule inet efg_filter forward \
 oifname $PERIMETER_IF ip daddr $WS_PERIMETER_IP tcp dport $WS_PORTS \
 counter accept comment "Incoming http(s) requests"
 
+add rule inet efg_filter forward \
+ ct state established \
+ ip protocol tcp \
+ iifname $PERIMETER_IF ip saddr $WS_PERIMETER_IP tcp sport WS_PORTS \
+ oifname $EXTERNAL_IF tcp dport 1024-65535 \
+ counter accept comment "Outgoing http(s) replies"
+
 add rule inet efg_filter forward \
 ip protocol udp \
 iifname $EXTERNAL_IF udp sport 1024-65535 \
-- 
2.54.0
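Review bot: The added rule's `tcp sport WS_PORTS` is missing the `$` sigil that every other variable reference in the hunk carries (`$PERIMETER_IF`, `$WS_PERIMETER_IP`, and `$WS_PORTS` in the context rule two lines above), so nft will not expand the `define` and will instead try to parse `WS_PORTS` as a literal port or service name, which most likely makes the whole ruleset fail to load at firstboot rather than just this rule. The line should read `iifname $PERIMETER_IF ip saddr $WS_PERIMETER_IP tcp sport $WS_PORTS \`. Since the rule already matches `ct state established`, it is worth confirming that the `forward` chain has no general `ct state established,related accept` rule elsewhere in the file; if it does, this rule is redundant, and if it does not, the same reply path for the UDP rule that follows (which continues outside the hunk) may also be missing. A short comment above the rule noting that it exists because the chain deliberately has no catch-all established/related accept would make that design choice explicit for the next maintainer.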