[iptables-helper] Allways allow loopback

author: Simon Rettberg 2021-02-23 12:27:30 +0100
committer: Simon Rettberg 2021-02-23 12:27:30 +0100
commit: a36a681c8487298e3a28247a062cc95e317fd054 (patch)
tree: 89e4fe2a37ab5bd0f59af2033c13abf59e442a05 /core/modules/iptables-helper
parent: [run-virt] set-firewall: Support port in add_ips, add conntrack RELATED (diff)
download: mltk-a36a681c8487298e3a28247a062cc95e317fd054.tar.gz
mltk-a36a681c8487298e3a28247a062cc95e317fd054.tar.xz
mltk-a36a681c8487298e3a28247a062cc95e317fd054.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/core/modules/iptables-helper/data/opt/openslx/iptables/iptables-reloader-worker b/core/modules/iptables-helper/data/opt/openslx/iptables/iptables-reloader-worker
index 0c8277a2..62eada61 100755
--- a/core/modules/iptables-helper/data/opt/openslx/iptables/iptables-reloader-worker
+++ b/core/modules/iptables-helper/data/opt/openslx/iptables/iptables-reloader-worker
@@ -62,6 +62,11 @@ reload_rules () {
 		iptables -w -t mangle -I "$chain" 1 -j "ipt-helper-$chain"
 	done
 
+	# Loopback
+	iptables -w -A ipt-helper-INPUT -i lo -j ACCEPT
+	iptables -w -A ipt-helper-OUTPUT -o lo -j ACCEPT
+	# TODO: IPv6 (in general)
+
 	# Apply
 	local LOGFILE=$(mktemp)
 	local DISABLED="/opt/openslx/iptables/rules.d/disabled/"
author	Simon Rettberg	2021-02-23 12:27:30 +0100
committer	Simon Rettberg	2021-02-23 12:27:30 +0100
commit	a36a681c8487298e3a28247a062cc95e317fd054 (patch)
tree	89e4fe2a37ab5bd0f59af2033c13abf59e442a05 /core/modules/iptables-helper
parent	[run-virt] set-firewall: Support port in add_ips, add conntrack RELATED (diff)
download	mltk-a36a681c8487298e3a28247a062cc95e317fd054.tar.gz mltk-a36a681c8487298e3a28247a062cc95e317fd054.tar.xz mltk-a36a681c8487298e3a28247a062cc95e317fd054.zip