From 3285e2fad8747d3a02cf135616ee220a34a8da4e Mon Sep 17 00:00:00 2001 From: agronaught Date: Tue, 19 May 2026 20:10:02 +1000 Subject: [PATCH] systemvm: accept ipv6 established/related return traffic (#13173) --- systemvm/debian/opt/cloud/bin/cs/CsNetfilter.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemvm/debian/opt/cloud/bin/cs/CsNetfilter.py b/systemvm/debian/opt/cloud/bin/cs/CsNetfilter.py index 93d0d0388ef..63d7724dd20 100755 --- a/systemvm/debian/opt/cloud/bin/cs/CsNetfilter.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsNetfilter.py @@ -232,7 +232,7 @@ class CsNetfilters(object): if hook == "input" or hook == "output": CsHelper.execute("nft add rule %s %s %s icmpv6 type { echo-request, echo-reply, \ nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept" % (address_family, table, chain)) - elif hook == "forward": + if hook == "input" or hook == "forward": CsHelper.execute("nft add rule %s %s %s ct state established,related accept" % (address_family, table, chain)) def add_ip4_chain(self, address_family, table, chain, hook, action):