vr: fix packet interface mismatch (#6656)

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
Co-authored-by: Daan Hoogland <daan@onecht.net>
This commit is contained in:
Abhishek Kumar 2022-09-29 20:32:28 +05:30 committed by GitHub
parent 33bd08369b
commit 67024b036a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 3 deletions

View File

@ -181,19 +181,22 @@ class CsAcl(CsDataBag):
if self.direction == 'ingress':
for cidr in self.rule['cidr']:
action = self.rule['action']
if action == "ACCEPT":
action = "RETURN"
if rule['protocol'] == "icmp":
self.fw.append(["mangle", "front",
" -A FIREWALL_%s" % self.ip +
" -s %s " % cidr +
" -p %s " % rule['protocol'] +
" --icmp-type %s -j %s" % (icmp_type, self.rule['action'])])
" --icmp-type %s -j %s" % (icmp_type, action)])
else:
self.fw.append(["mangle", "front",
" -A FIREWALL_%s" % self.ip +
" -s %s " % cidr +
" -p %s " % rule['protocol'] +
" -m %s " % rule['protocol'] +
" %s -j %s" % (rnge, self.rule['action'])])
" %s -j %s" % (rnge, action)])
sflag = False
dflag = False

View File

@ -423,7 +423,7 @@ class CsIP:
"-d %s/32 -j FIREWALL_%s" % (self.address['public_ip'], self.address['public_ip'])])
self.fw.append(["mangle", "front",
"-A FIREWALL_%s " % self.address['public_ip'] +
"-m state --state RELATED,ESTABLISHED -j ACCEPT"])
"-m state --state RELATED,ESTABLISHED -j RETURN"])
self.fw.append(["mangle", "",
"-A FIREWALL_%s -j DROP" % self.address['public_ip']])
self.fw.append(["mangle", "",