VR: add rules for traffic between static nat and private gateway static routes (#6153)

(cherry picked from commit 19a7774cab) Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2022-04-12 18:26:51 +02:00 · 2022-04-12 18:26:51 +02:00 · 957b64ba24
parent 255d178394
commit 957b64ba24
1 changed files with 18 additions and 0 deletions
--- a/systemvm/debian/opt/cloud/bin/configure.py
+++ b/systemvm/debian/opt/cloud/bin/configure.py
@ -851,6 +851,20 @@ class CsForwardingRules(CsDataBag):
                interfaces.append(interface)
        return interfaces

+    def getStaticRoutes(self):
+        static_routes = CsStaticRoutes("staticroutes", self.config)
+        routes = []
+        if not static_routes:
+            return routes
+        for item in static_routes.get_bag():
+            if item == "id":
+                continue
+            static_route = static_routes.get_bag()[item]
+            if static_route['revoke']:
+                continue
+            routes.append(static_route)
+        return routes
+
    def portsToString(self, ports, delimiter):
        ports_parts = ports.split(":", 2)
        if ports_parts[0] == ports_parts[1]:
@ -996,6 +1010,10 @@ class CsForwardingRules(CsDataBag):
        for private_gw in private_gateways:
            self.fw.append(["mangle", "front", "-A %s -d %s -j RETURN" %
                            (chain_name, private_gw.get_network())])
+        static_routes = self.getStaticRoutes()
+        for static_route in static_routes:
+            self.fw.append(["mangle", "front", "-A %s -d %s -j RETURN" %
+                            (chain_name, static_route['network'])])

        self.fw.append(["nat", "front",
                        "-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])])