etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Routed VR: accept packets from related and established connections (#12986)

This commit is contained in:
Wei Zhou 2026-04-15 12:06:26 +02:00 committed by GitHub
parent c6936889f5
commit 1fc4cb90bf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
systemvm/debian/opt/cloud/bin/cs/CsNetfilter.py
View File

@ -244,6 +244,8 @@ class CsNetfilters(object):
CsHelper.execute("nft add chain %s %s %s '{ %s }'" % (address_family, table, chain, chain_policy))
if hook == "input" or hook == "output":
CsHelper.execute("nft add rule %s %s %s icmp type { echo-request, echo-reply } accept" % (address_family, table, chain))
elif hook == "forward":
CsHelper.execute("nft add rule %s %s %s ct state established,related accept" % (address_family, table, chain))
def apply_nft_ipv4_rules(self, rules, type):
if len(rules) == 0: