
Commit 7e93363

weizhouapachedhslove
authored andcommitted
VPC VR: fix ACL between tier and private gateway (apache#10268)
1 parent 85dfda4 commit 7e93363


1 file changed

+3
-1
lines changed


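--- a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
@@ -556,8 +556,10 @@ def fw_vpcrouter(self):
 (self.dev, guestNetworkCidr, self.address['gateway'], self.dev)])
 
 if self.is_private_gateway():
-self.fw.append(["filter", "", "-A FORWARD -d %s -o %s -j ACL_INBOUND_%s" %
+self.fw.append(["filter", "front", "-A FORWARD -d %s -o %s -j ACL_INBOUND_%s" %
 (self.address['network'], self.dev, self.dev)])
+self.fw.append(["filter", "front", "-A FORWARD -d %s -o %s -m state --state RELATED,ESTABLISHED -j ACCEPT" %
+(self.address['network'], self.dev)])
 self.fw.append(["filter", "", "-A ACL_INBOUND_%s -j DROP" % self.dev])
 self.fw.append(["mangle", "",
 "-A PREROUTING -m state --state NEW -i %s -s %s ! -d %s/32 -j ACL_OUTBOUND_%s" %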
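Review bot: The two `"front"` entries under `if self.is_private_gateway():` depend on an ordering the code never states: the `RELATED,ESTABLISHED` accept only takes effect if it ends up ahead of the `ACL_INBOUND_%s` jump in FORWARD, and that depends on how consecutive `"front"` items are applied, which is not visible in this hunk. A comment above the pair would pin that down, e.g. `# both rules go to the front of FORWARD; the state accept must be evaluated before the ACL_INBOUND jump so tracked connections are not re-filtered`. Because `RELATED` also admits flows opened by conntrack helpers without traversing `ACL_INBOUND_%s`, it is worth confirming that `ESTABLISHED` alone would not be sufficient for the private gateway. `fw_vpcrouter` begins and ends outside the hunk.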
