[caclmgrd] remove default DROP rule on FORWARD chain (#5034)

2020-07-24 11:59:46 -07:00 · 2020-07-24 11:59:46 -07:00 · 6120145bf1
commit 6120145bf1
parent 59072a627b
1 changed files with 0 additions and 2 deletions
--- a/files/image_config/caclmgrd/caclmgrd
+++ b/files/image_config/caclmgrd/caclmgrd
@ -410,9 +410,7 @@ class ControlPlaneAclManager(object):
        # add iptables/ip6tables commands to drop all other incoming packets
        if num_ctrl_plane_acl_rules > 0:
            iptables_cmds.append("iptables -A INPUT -j DROP")
-            iptables_cmds.append("iptables -A FORWARD -j DROP")
            iptables_cmds.append("ip6tables -A INPUT -j DROP")
-            iptables_cmds.append("ip6tables -A FORWARD -j DROP")

        return iptables_cmds