IPv6 firewall: accept packets from related and established connections (apache#10970)

* IPv6 firewall: accept related packets and packets from established connections

* Remove rule from input chain

Author: winterhazel

systemvm/debian/opt/cloud/bin/cs/CsNetfilter.py

@@ -232,6 +232,8 @@ def add_ip6_chain(self, address_family, table, chain, hook, action):
         if hook == "input" or hook == "output":
             CsHelper.execute("nft add rule %s %s %s icmpv6 type { echo-request, echo-reply, \
                 nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept" % (address_family, table, chain))
+        elif hook == "forward":
+            CsHelper.execute("nft add rule %s %s %s ct state established,related accept" % (address_family, table, chain))
 
     def add_ip4_chain(self, address_family, table, chain, hook, action):
         chain_policy = ""