Diffstat (limited to 'core/modules/run-virt/data')
-rwxr-xr-xcore/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env15
1 files changed, 15 insertions, 0 deletions
diff --git a/core/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env b/core/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env
index 0022bfd0..c3fc378e 100755
--- a/core/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env
+++ b/core/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env
@@ -166,6 +166,21 @@ echo "1" >/proc/sys/net/ipv4/conf/nat1/forwarding
echo "1" >/proc/sys/net/ipv4/conf/br0/forwarding 2>/dev/null
# iptables masquerade rule is now inserted by /opt/openslx/iptables/rules.d/50-virt-nat1-masquerading
+# Whitelist all additionally bridged nics for forwarding
+extra=
+echo "#!/bin/ash" > "/tmp/nic-forward.tmp"
+for nic in /sys/class/net/br-nic-*; do
+ [ -d "$nic" ] || continue
+ extra=1
+ echo "iptables -A FORWARD -i ${nic##*/} -j ACCEPT"
+ echo "iptables -A FORWARD -o ${nic##*/} -j ACCEPT"
+done >> "/tmp/nic-forward.tmp"
+if [ -n "$extra" ]; then
+ chmod +x "/tmp/nic-forward.tmp"
+ mv "/tmp/nic-forward.tmp" "/opt/openslx/iptables/rules.d/10-forward-additional-nics"
+else
+ unlink "/tmp/nic-forward.tmp"
+fi
# creating and configuring vsw2
brctl addbr vsw2
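Review bot: The fixed path `/tmp/nic-forward.tmp` is opened with a plain `>` redirect, so a file or symlink that already exists under that name in /tmp is followed or reused, and the result is then made executable and moved into `/opt/openslx/iptables/rules.d/`. If this script runs as root while any other local account can write to /tmp (not visible from this hunk), the content or destination of a script that later runs with firewall privileges is no longer under this script's sole control. Create the file with `tmp="$(mktemp)"` (assuming the image's busybox provides mktemp) and use `"$tmp"` in the redirects and in the `chmod`, `mv` and `unlink` calls. The generated lines also interpolate `${nic##*/}` unquoted; wrapping it in single quotes inside the echo, `-i '${nic##*/}'`, keeps an unusual interface name from being re-parsed when ash runs the rules file. The rest of the script lies outside the hunk, so whether /tmp is private at this point in boot should be confirmed there.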