Add source CIDR filter on OUTPUT chain rule

winterhazel · winterhazel · commit 742f8454ab68 · 2024-11-01T09:22:03.000-03:00
diff --git a/systemvm/debian/opt/cloud/bin/configure.py b/systemvm/debian/opt/cloud/bin/configure.py
@@ -1229,7 +1229,10 @@ def forward_vpc(self, rule):
         if not rule["internal_ports"] == "any":
             fw_prerout_rule += ":" + self.portsToString(rule["internal_ports"], "-")
 
-        fw_output_rule = "-A OUTPUT -d %s/32" % rule["public_ip"]
+        fw_output_rule = "-A OUTPUT"
+        if "source_cidr_list" in rule and rule["source_cidr_list"]:
+            fw_output_rule += " -s %s" % rule["source_cidr_list"]
+        fw_output_rule += " -d %s/32" % rule["public_ip"]
         if not rule["protocol"] == "any":
             fw_output_rule += " -m %s -p %s" % (rule["protocol"], rule["protocol"])
         if not rule["public_ports"] == "any":
