bugfix #8 vpc: add rule for traffic between vm and private gateway

2020-11-19 15:53:28 +00:00 · 2020-11-19 15:53:28 +00:00 · 69c0f71cf7
parent a8c9b4531b
commit 69c0f71cf7
1 changed files with 9 additions and 0 deletions
--- a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
@ -493,6 +493,15 @@ class CsIP:
                                "-A POSTROUTING -o %s -j SNAT --to-source %s" %
                                (self.dev, self.address['public_ip'])])
            if self.get_gateway() == self.get_ip_address():
+                for inf, addresses in self.config.address().dbag.iteritems():
+                    if not inf.startswith("eth"):
+                        continue
+                    for address in addresses:
+                        if "nw_type" in address and address["nw_type"] == "guest":
+                            self.fw.append(["filter", "front", "-A FORWARD -s %s -d %s -j ACL_INBOUND_%s" %
+                                            (address["network"], self.address["network"], self.dev)])
+                            self.fw.append(["filter", "front", "-A FORWARD -s %s -d %s -j ACL_INBOUND_%s" %
+                                            (self.address["network"], address["network"], address["device"])])
                # Accept packet from private gateway if VPC VR is used as gateway
                self.fw.append(["filter", "", "-A FORWARD -s %s ! -d %s -j ACCEPT" %
                                (self.address['network'], self.address['network'])])