From d5d6c9f5f4ade8862e4bf3997270d786fc986721 Mon Sep 17 00:00:00 2001
From: anthony
Date: Thu, 26 Jul 2012 14:32:08 -0700
Subject: [PATCH] VPC : this is default iptables for vpc route
---
 .../debian/config/etc/iptables/iptables-vpcrouter | 4 ++--
 .../debian/config/etc/iptables/rt_tables_init | 11 +++++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100644 patches/systemvm/debian/config/etc/iptables/rt_tables_init
diff --git a/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter b/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter
index c1d0c158cc2..f60a1e41234 100644
--- a/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter
+++ b/patches/systemvm/debian/config/etc/iptables/iptables-vpcrouter
@@ -9,10 +9,11 @@ COMMIT
 :OUTPUT ACCEPT [0:0]
 -A INPUT -d 224.0.0.18/32 -j ACCEPT
 -A INPUT -d 225.0.0.50/32 -j ACCEPT
--A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 COMMIT
 *mangle
 :PREROUTING ACCEPT [0:0]
@@ -20,6 +21,5 @@ COMMIT
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 :POSTROUTING ACCEPT [0:0]
--A PREROUTING -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
 -A OUTPUT -p udp --dport bootpc -j CHECKSUM --checksum-fill
 COMMIT
diff --git a/patches/systemvm/debian/config/etc/iptables/rt_tables_init b/patches/systemvm/debian/config/etc/iptables/rt_tables_init
new file mode 100644
index 00000000000..07ffaf3baa5
--- /dev/null
+++ b/patches/systemvm/debian/config/etc/iptables/rt_tables_init
@@ -0,0 +1,11 @@
+#
+# reserved values
+#
+255 local
+254 main
+253 default
+0 unspec
+#
+# local
+#
+#1 inr.ruhep
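Review bot: The added `-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT` accepts RELATED as well as ESTABLISHED for every forwarded flow on every interface, so any connection-tracking helper loaded on the router can admit secondary connections ahead of whatever per-tier ACL rules are appended later. If no helper-dependent protocol has to cross the router, `-A FORWARD -m state --state ESTABLISHED -j ACCEPT` is the tighter default. The INPUT rule in the same hunk also lost its `-i eth0` scope and now matches on all interfaces; a comment line such as `# reply traffic accepted on all NICs, guest tiers included` would record that this is intended. Because established flows are accepted first, revoking an ACL entry presumably will not end sessions already in the conntrack table unless those entries are flushed. The FORWARD policy and any later rules lie outside this hunk, so confirm against the full file.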
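Review bot: rt_tables_init carries no header saying what consumes it, and nothing in this commit references the file. Its contents match the stock iproute2 table map, so presumably it is a baseline used to reset `/etc/iproute2/rt_tables` on the router. A first comment line such as `# baseline routing-table map for the VPC router, restored before per-tier tables are added` (wording to be confirmed against the script that installs it) would make that explicit and explain why an iproute2 file lives under `etc/iptables`.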