From 67024b036a0640ee1ee9aa79d0496ce6606aa58c Mon Sep 17 00:00:00 2001 From: Abhishek Kumar Date: Thu, 29 Sep 2022 20:32:28 +0530 Subject: [PATCH] vr: fix packet interface mismatch (#6656) Signed-off-by: Abhishek Kumar Co-authored-by: Daan Hoogland --- systemvm/debian/opt/cloud/bin/configure.py | 7 +++++-- systemvm/debian/opt/cloud/bin/cs/CsAddress.py | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/systemvm/debian/opt/cloud/bin/configure.py b/systemvm/debian/opt/cloud/bin/configure.py index 67e575bfb7a..2d873f8c974 100755 --- a/systemvm/debian/opt/cloud/bin/configure.py +++ b/systemvm/debian/opt/cloud/bin/configure.py @@ -181,19 +181,22 @@ class CsAcl(CsDataBag): if self.direction == 'ingress': for cidr in self.rule['cidr']: + action = self.rule['action'] + if action == "ACCEPT": + action = "RETURN" if rule['protocol'] == "icmp": self.fw.append(["mangle", "front", " -A FIREWALL_%s" % self.ip + " -s %s " % cidr + " -p %s " % rule['protocol'] + - " --icmp-type %s -j %s" % (icmp_type, self.rule['action'])]) + " --icmp-type %s -j %s" % (icmp_type, action)]) else: self.fw.append(["mangle", "front", " -A FIREWALL_%s" % self.ip + " -s %s " % cidr + " -p %s " % rule['protocol'] + " -m %s " % rule['protocol'] + - " %s -j %s" % (rnge, self.rule['action'])]) + " %s -j %s" % (rnge, action)]) sflag = False dflag = False diff --git a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py index e676bb5aedd..91422602bde 100755 --- a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py @@ -423,7 +423,7 @@ class CsIP: "-d %s/32 -j FIREWALL_%s" % (self.address['public_ip'], self.address['public_ip'])]) self.fw.append(["mangle", "front", "-A FIREWALL_%s " % self.address['public_ip'] + - "-m state --state RELATED,ESTABLISHED -j ACCEPT"]) + "-m state --state RELATED,ESTABLISHED -j RETURN"]) self.fw.append(["mangle", "", "-A FIREWALL_%s -j DROP" % self.address['public_ip']]) self.fw.append(["mangle", "",