VPC : CS-15463 allow input traffic for established connection

2012-07-05 14:21:15 -07:00 · 2012-07-05 14:21:15 -07:00 · c258664a69
parent a44843af69
commit c258664a69
2 changed files with 3 additions and 2 deletions
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@ -560,7 +560,7 @@ setup_vpcrouter() {
  fi

    cat > /etc/network/interfaces << EOF
-auto lo $1
+auto lo
 iface lo inet loopback
 EOF
  setup_interface "0" $ETH0_IP $ETH0_MASK $GW
--- a/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter
+++ b/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter
@ -11,7 +11,8 @@ COMMIT
 -A INPUT -d 225.0.0.50/32 -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 3922 -j ACCEPT
+-A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 COMMIT
 *mangle