Fixing firewall rules for ssh and http git clone

dicos/50_gogs.xml

@@ -20,6 +20,9 @@
             <service_access service='gogs_without_nginx'>
               <port service_accesslist="gogs_without_nginx" port_type="SymLinkOption">git_http_port</port>
             </service_access>
+            <service_access service='gogs_ssh'>
+              <tcpwrapper>sshd</tcpwrapper>
+            </service_access>
         </container>
     </containers>
     <variables>
@@ -57,6 +60,7 @@
             <target type='filelist'>gogs-nginx</target>
             <target type='servicelist'>gogs</target> 
             <target type='family'>forge</target> 
+            <target type='service_accesslist'>gogs_ssh</target>
         </condition>
         <condition name='disabled_if_in' source='activer_revprox'>
           <param>non</param>

tmpl/51-gogs-nat_rules

@@ -3,7 +3,7 @@
 #
 # Rules for SSH git clone
 #
-/sbin/iptables -A eth0-cont -s 0/0 -p tcp --syn --dport %%git_ssh_port -d %%container_ip_forge -j ACCEPT
+/sbin/iptables -A eth0-cont -d 192.0.2.101/32 -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
 %if %%getVar('mode_conteneur_actif','non') == 'oui'
-/sbin/iptables -t nat -A PREROUTING -i eth0 -s 0/0 -p tcp --syn --dport %%git_ssh_port -j DNAT --to-destination %%container_ip_forge:%%git_ssh_port
+/sbin/iptables -t nat -A PREROUTING -i eth0 -s 0/0 -p tcp --syn --dport %%git_ssh_port -j DNAT --to-destination %%container_ip_forge:22
 %end if

tmpl/gogs.conf

@@ -17,7 +17,11 @@ PROTOCOL = https
 %if %%getVar('activer_revprox','non') == 'oui'
 DOMAIN = localhost
 %else
-DOMAIN = %%container_ip_forge
+  %if %%getVar('gogs_web_name', 'X-X-X-X') == 'X-X-X-X'
+DOMAIN = %%adresse_ip_eth0
+  %else
+DOMAIN = %%gogs_web_name
+  %end if 
 %end if
 ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
 HTTP_ADDR =