Skip to content

Commit

Permalink
Install rules allowing outward traffic in npc mode
Browse files Browse the repository at this point in the history
  • Loading branch information
@bboreham
bboreham committed May 18, 2017
1 parent 83eba7c commit 4ae1c90
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions net/bridge.go
View file
Expand Up @@ -453,14 +453,14 @@ func configureIPTables(config *BridgeConfig) error {
if err = ipt.AppendUnique("filter", "FORWARD", "-i", config.WeaveBridgeName, "-o", config.WeaveBridgeName, "-j", "ACCEPT"); err != nil {
return err
}
// Forward from weave to the rest of the world
if err = ipt.AppendUnique("filter", "FORWARD", "-i", config.WeaveBridgeName, "!", "-o", config.WeaveBridgeName, "-j", "ACCEPT"); err != nil {
return err
}
// and allow replies back
if err = ipt.AppendUnique("filter", "FORWARD", "-o", config.WeaveBridgeName, "-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED", "-j", "ACCEPT"); err != nil {
return err
}
}
// Forward from weave to the rest of the world
if err = ipt.AppendUnique("filter", "FORWARD", "-i", config.WeaveBridgeName, "!", "-o", config.WeaveBridgeName, "-j", "ACCEPT"); err != nil {
return err
}
// and allow replies back
if err = ipt.AppendUnique("filter", "FORWARD", "-o", config.WeaveBridgeName, "-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED", "-j", "ACCEPT"); err != nil {
return err
}

// create a chain for masquerading
Expand Down

0 comments on commit 4ae1c90

Please sign in to comment.