[caclmgrd] remove default DROP rule on FORWARD chain (#5034)

2020-07-24 11:59:46 -07:00 · 2020-07-24 11:59:46 -07:00 · 4a2db8e216
commit 4a2db8e216
parent 0ec979dd30
1 changed files with 0 additions and 2 deletions
--- a/files/image_config/caclmgrd/caclmgrd
+++ b/files/image_config/caclmgrd/caclmgrd
@ -358,9 +358,7 @@ class ControlPlaneAclManager(object):
        # add iptables/ip6tables commands to drop all other incoming packets
        if num_ctrl_plane_acl_rules > 0:
            iptables_cmds.append("iptables -A INPUT -j DROP")
-            iptables_cmds.append("iptables -A FORWARD -j DROP")
            iptables_cmds.append("ip6tables -A INPUT -j DROP")
-            iptables_cmds.append("ip6tables -A FORWARD -j DROP")

        return iptables_cmds