matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[caclmgrd] remove default DROP rule on FORWARD chain (#5034)

Browse Source
This commit is contained in:
Joe LeVeque 2020-07-24 11:59:46 -07:00 committed by GitHub
parent 55d3ecd267
commit 1587889b7a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
files/image_config/caclmgrd/caclmgrd
View File

@ -378,9 +378,7 @@ class ControlPlaneAclManager(object):
# add iptables/ip6tables commands to drop all other incoming packets
if num_ctrl_plane_acl_rules > 0:
iptables_cmds.append("iptables -A INPUT -j DROP")
iptables_cmds.append("iptables -A FORWARD -j DROP")
iptables_cmds.append("ip6tables -A INPUT -j DROP")
iptables_cmds.append("ip6tables -A FORWARD -j DROP")
return iptables_cmds