This is an automated email from the ASF dual-hosted git repository.
sureshanaparti pushed a commit to branch 4.20
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.20 by this push:
new 1fc4cb90bff Routed VR: accept packets from related and established
connections (#12986)
1fc4cb90bff is described below
commit 1fc4cb90bff4d6e3cab6bb4d4de40903a8cef152
Author: Wei Zhou <[email protected]>
AuthorDate: Wed Apr 15 12:06:26 2026 +0200
Routed VR: accept packets from related and established connections (#12986)
---
systemvm/debian/opt/cloud/bin/cs/CsNetfilter.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/systemvm/debian/opt/cloud/bin/cs/CsNetfilter.py
b/systemvm/debian/opt/cloud/bin/cs/CsNetfilter.py
index 80d64e8f2d9..93d0d0388ef 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsNetfilter.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsNetfilter.py
@@ -244,6 +244,8 @@ class CsNetfilters(object):
CsHelper.execute("nft add chain %s %s %s '{ %s }'" % (address_family,
table, chain, chain_policy))
if hook == "input" or hook == "output":
CsHelper.execute("nft add rule %s %s %s icmp type { echo-request,
echo-reply } accept" % (address_family, table, chain))
+ elif hook == "forward":
+ CsHelper.execute("nft add rule %s %s %s ct state
established,related accept" % (address_family, table, chain))
def apply_nft_ipv4_rules(self, rules, type):
if len(rules) == 0:
