From 3fd75e020d8823e6c1661fc30c1dfc326168c9a4 Mon Sep 17 00:00:00 2001
From: James Pike
Date: Mon, 1 Jan 2018 02:43:55 +0000
Subject: [PATCH] Fix exposed ports accessible from localhost only
---
 networking/portfwd.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/networking/portfwd.go b/networking/portfwd.go
index 9702d519f6..61d2e27ddf 100644
--- a/networking/portfwd.go
+++ b/networking/portfwd.go
@@ -179,7 +179,7 @@ func portRules(fp commonnet.ForwardedPort, podIP net.IP, chainDNAT, chainSNAT st
 chainSNAT,
 []string{
 "-p", fp.PodPort.Protocol,
- "-s", "127.0.0.1",
+ "-s", dstIPHost,
 "-d", podIP.String(),
 "--dport", dstPortPod,
 "-j", "MASQUERADE",
@@ -233,7 +233,7 @@ func (e *podEnv) portFwdChain(name string) string {
 func (e *podEnv) portFwdChainRuleSpec(chain string, name string) []string {
 switch name {
 case "SNAT":
- return []string{"-s", "127.0.0.1", "!", "-d", "127.0.0.1", "-j", chain}
+ return []string{"!", "-d", "127.0.0.1", "-j", chain}
 case "DNAT":
 return []string{"-m", "addrtype", "--dst-type", "LOCAL", "-j", chain}
 default:
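Review bot: In portRules, the MASQUERADE rule now matches `"-s", dstIPHost` where it used to match `"-s", "127.0.0.1"`, so connections to the forwarded port that originate from the loopback address no longer hit this rule; if loopback access is still meant to work, that case needs its own rule or a test. dstIPHost is assigned outside the hunk, so it is not visible what it holds when the forwarded port has no explicit host address; an unspecified address as the `-s` value would presumably match no real traffic, which is worth guarding where the value is computed. I would also state the intent above the rule, e.g. `// Masquerade only traffic whose source is the host address of this forwarded port.` The function body starts and ends outside the hunk.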
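Review bot: In portFwdChainRuleSpec, the "SNAT" case drops the source match, so the jump now sends every packet not destined for 127.0.0.1 through the pod's SNAT chain, and which traffic gets masqueraded is decided only by the rules inside that chain. That wider scope deserves a comment at the case, e.g. `// No source match here: portRules restricts the source per forwarded port.` If this spec is also used to delete the rule on pod teardown (not visible in the hunk), rules installed by an older build with `-s 127.0.0.1` would no longer match and could be left behind after an upgrade; that is worth confirming. The function's default branch continues outside the hunk.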