From 69c0f71cf7d890d20cfbcab69274f6924209a95a Mon Sep 17 00:00:00 2001
From: Wei Zhou
Date: Thu, 19 Nov 2020 15:53:28 +0000
Subject: [PATCH] bugfix #8 vpc: add rule for traffic between vm and private gateway
---
 systemvm/debian/opt/cloud/bin/cs/CsAddress.py | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
index 7cdca8f41c3..489840028e8 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
@@ -493,6 +493,15 @@ class CsIP:
 "-A POSTROUTING -o %s -j SNAT --to-source %s" %
 (self.dev, self.address['public_ip'])])
 if self.get_gateway() == self.get_ip_address():
+ for inf, addresses in self.config.address().dbag.iteritems():
+ if not inf.startswith("eth"):
+ continue
+ for address in addresses:
+ if "nw_type" in address and address["nw_type"] == "guest":
+ self.fw.append(["filter", "front", "-A FORWARD -s %s -d %s -j ACL_INBOUND_%s" %
+ (address["network"], self.address["network"], self.dev)])
+ self.fw.append(["filter", "front", "-A FORWARD -s %s -d %s -j ACL_INBOUND_%s" %
+ (self.address["network"], address["network"], address["device"])])
 # Accept packet from private gateway if VPC VR is used as gateway
 self.fw.append(["filter", "", "-A FORWARD -s %s ! -d %s -j ACCEPT" %
 (self.address['network'], self.address['network'])])
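Review bot: The two new `-j ACL_INBOUND_%s` jumps only restrict guest/private-gateway traffic if the target chain ends in a terminal verdict. A packet from the private gateway network that returns unmatched from `ACL_INBOUND_<address["device"]>` would fall through to the existing `-A FORWARD -s %s ! -d %s -j ACCEPT` rule just below and be accepted. Whether those chains end in a default DROP, and whether they already exist when these rules are applied, is not visible in this hunk and should be confirmed; a comment above the loop such as `# Send guest<->private gateway traffic through the destination's inbound ACL before the blanket ACCEPT below` would record the ordering dependency. Separately, `address["network"]` and `address["device"]` are read unguarded while `nw_type` is checked with `in`, so a guest entry missing either key would raise KeyError part-way through rule generation; `if address.get("nw_type") != "guest" or "network" not in address or "device" not in address: continue` would skip such entries instead. The enclosing method starts and ends outside the hunk.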