From 8c5192827ca98211d924eef7f7acead0a9d3aa8d Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 16 Feb 2022 09:08:28 +0100
Subject: [run-virt] Allow FORWARDing for all additional bridged NICs
---
 .../data/opt/openslx/scripts/systemd-run_virt_env | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
(limited to 'core/modules/run-virt/data/opt/openslx')
diff --git a/core/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env b/core/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env
index 0022bfd0..c3fc378e 100755
--- a/core/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env
+++ b/core/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env
@@ -166,6 +166,21 @@ echo "1" >/proc/sys/net/ipv4/conf/nat1/forwarding
 echo "1" >/proc/sys/net/ipv4/conf/br0/forwarding 2>/dev/null
 # iptables masquerade rule is now inserted by /opt/openslx/iptables/rules.d/50-virt-nat1-masquerading
+# Whitelist all additionally bridged nics for forwarding
+extra=
+echo "#!/bin/ash" > "/tmp/nic-forward.tmp"
+for nic in /sys/class/net/br-nic-*; do
+ [ -d "$nic" ] || continue
+ extra=1
+ echo "iptables -A FORWARD -i ${nic##*/} -j ACCEPT"
+ echo "iptables -A FORWARD -o ${nic##*/} -j ACCEPT"
+done >> "/tmp/nic-forward.tmp"
+if [ -n "$extra" ]; then
+ chmod +x "/tmp/nic-forward.tmp"
+ mv "/tmp/nic-forward.tmp" "/opt/openslx/iptables/rules.d/10-forward-additional-nics"
+else
+ unlink "/tmp/nic-forward.tmp"
+fi
 # creating and configuring vsw2
 brctl addbr vsw2
--
cgit v1.2.3-55-g7522
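Review bot: The rules file is staged at the fixed path `/tmp/nic-forward.tmp` in the new block after the masquerade comment, written by a root-run script and then moved into `/opt/openslx/iptables/rules.d/` as an executable; a predictable name in a world-writable directory is the usual pre-creation/symlink hazard, and a `mv` across filesystems is a copy rather than an atomic rename. Staging the file next to its destination avoids both, e.g. `tmp=$(mktemp /opt/openslx/iptables/rules.d/.10-forward-additional-nics.XXXXXX) || exit 1` and then `"$tmp"` in place of the literal path in the `echo`, `done >>`, `chmod`, `mv` and `unlink` lines. The `else` branch only unlinks the staging file, so a `10-forward-additional-nics` left over from an earlier run would keep its ACCEPT rules after the `br-nic-*` interfaces are gone; if this script can run more than once on the same filesystem, an explicit `rm -f` of the destination belongs there. The `-i` and `-o` ACCEPT rules open FORWARD unconditionally in both directions for every matched bridge, which the loop's comment should say outright, e.g. `# FORWARD is opened in both directions for every br-nic-* bridge; no per-NIC filtering is applied here`.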