etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

IPv6 firewall: accept packets from related and established connections (#10970) 

* IPv6 firewall: accept related packets and packets from established connections

* Remove rule from input chain
This commit is contained in:
Fabricio Duarte 2025-09-10 11:37:17 -03:00 committed by GitHub
parent e3681a04bb
commit 5d32492676
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
systemvm/debian/opt/cloud/bin/cs/CsNetfilter.py
View File

@ -232,6 +232,8 @@ class CsNetfilters(object):
if hook == "input" or hook == "output":
CsHelper.execute("nft add rule %s %s %s icmpv6 type { echo-request, echo-reply, \
nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept" % (address_family, table, chain))
elif hook == "forward":
CsHelper.execute("nft add rule %s %s %s ct state established,related accept" % (address_family, table, chain))
def add_ip4_chain(self, address_family, table, chain, hook, action):
chain_policy = ""