From a8c9b4531b754c3395496abe096365d775cb8fa0 Mon Sep 17 00:00:00 2001
From: Wei Zhou <w.zhou@global.leaseweb.com>
Date: Thu, 19 Nov 2020 08:35:59 +0000
Subject: [PATCH] bugfix #7 vpc vr: allow servers in private gateway to reach
 internet via the VPC VR if it is gateway

---
 systemvm/debian/opt/cloud/bin/cs/CsAddress.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
index ff0d855766b..7cdca8f41c3 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
@@ -492,6 +492,10 @@ class CsIP:
                 self.fw.append(["nat", "front",
                                 "-A POSTROUTING -o %s -j SNAT --to-source %s" %
                                 (self.dev, self.address['public_ip'])])
+            if self.get_gateway() == self.get_ip_address():
+                # Accept packet from private gateway if VPC VR is used as gateway
+                self.fw.append(["filter", "", "-A FORWARD -s %s ! -d %s -j ACCEPT" %
+                                (self.address['network'], self.address['network'])])
 
         if self.get_type() in ["public"]:
             self.fw.append(