pikvm/pikvm#957: Added ESTABLISHED,RELATED rule to otgnet

author: Maxim Devaev <[email protected]> 2023-03-26 01:24:26 +0200
committer: Maxim Devaev <[email protected]> 2023-03-26 01:24:26 +0200
commit: f6283e1197511e134a4d9831999f7b54d1c5c672 (patch)
tree: ea2d7ef6815cc738f68e3d85abd705ab15600a20 /kvmd/apps/otgnet/__init__.py
parent: 2cd2fa87228bdd2c325513358df6bceaff790f92 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/kvmd/apps/otgnet/__init__.py b/kvmd/apps/otgnet/__init__.py
index a3d69216..b3bfd9a4 100644
--- a/kvmd/apps/otgnet/__init__.py
+++ b/kvmd/apps/otgnet/__init__.py
@@ -39,6 +39,7 @@ from .. import init
 from .netctl import BaseCtl
 from .netctl import IfaceUpCtl
 from .netctl import IfaceAddIpCtl
+from .netctl import IptablesAllowEstRelCtl
 from .netctl import IptablesDropAllCtl
 from .netctl import IptablesAllowIcmpCtl
 from .netctl import IptablesAllowPortCtl
@@ -101,6 +102,7 @@ class _Service:  # pylint: disable=too-many-instance-attributes
         ctls: list[BaseCtl] = [
             CustomCtl(self.__pre_start_cmd, self.__post_stop_cmd, placeholders),
             IfaceUpCtl(self.__ip_cmd, netcfg.iface),
+            IptablesAllowEstRelCtl(self.__iptables_cmd, netcfg.iface),
             *([IptablesAllowIcmpCtl(self.__iptables_cmd, netcfg.iface)] if self.__allow_icmp else []),
             *[
                 IptablesAllowPortCtl(self.__iptables_cmd, netcfg.iface, port, tcp)
author	Maxim Devaev <[email protected]>	2023-03-26 01:24:26 +0200
committer	Maxim Devaev <[email protected]>	2023-03-26 01:24:26 +0200
commit	f6283e1197511e134a4d9831999f7b54d1c5c672 (patch)
tree	ea2d7ef6815cc738f68e3d85abd705ab15600a20 /kvmd/apps/otgnet/__init__.py
parent	2cd2fa87228bdd2c325513358df6bceaff790f92 (diff)