From c258664a69d613a223d1044049e26e6cd2422e7f Mon Sep 17 00:00:00 2001
From: anthony
Date: Thu, 5 Jul 2012 14:21:15 -0700
Subject: [PATCH] VPC : CS-15463 allow input traffic for established connection
---
 patches/systemvm/debian/config/etc/init.d/cloud-early-config | 2 +-
 patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
index 21324cbbac5..b141110a80e 100755
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@@ -560,7 +560,7 @@ setup_vpcrouter() {
 fi
 cat > /etc/network/interfaces << EOF
-auto lo $1
+auto lo
 iface lo inet loopback
 EOF
 setup_interface "0" $ETH0_IP $ETH0_MASK $GW
diff --git a/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter b/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter
index 8e3069bc033..f60a1e41234 100644
--- a/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter
+++ b/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter
@@ -11,7 +11,8 @@ COMMIT
 -A INPUT -d 225.0.0.50/32 -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
--A INPUT -i eth0 -p tcp --dport 3922 -j ACCEPT
+-A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 COMMIT
 *mangle
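Review bot: Dropping `$1` from the `auto` line in the heredoc is undocumented, and the subject line only describes the firewall change. After this edit the file written here marks only `lo` for bring-up, so the interface that `$1` used to name presumably depends on `setup_interface` adding its own stanza; that is not visible in the hunk and should be confirmed. A comment above the `cat` would record the intent, for example `# only lo is declared here; each setup_interface call is expected to append its own stanza`. setup_vpcrouter starts before this hunk and continues past it.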
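Review bot: The added `-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT` admits RELATED traffic on every interface, which is wider than the subject's "established connection" requires. ICMP is already accepted unconditionally two rules earlier, so on INPUT the RELATED state appears to add only connections expected by conntrack helpers. Unless the router needs one of those, the narrower `-A INPUT -m state --state ESTABLISHED -j ACCEPT` keeps the rule to replies for connections the router itself opened. A `#` comment line above the rule stating that purpose would help the next audit of this ruleset. The `*filter` header and the chain policies sit above the hunk, so the default INPUT policy could not be checked from here.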