Commit d6db3a93 authored by Leigh B Stoller's avatar Leigh B Stoller

Add accept rules to FORWARD table.

parent 744ec52e
......@@ -54,6 +54,7 @@ use libsetup;
use libtmcc;
use libutil;
use libtestbed;
use libgenvnode;
use libvnode;
#
......@@ -93,12 +94,23 @@ sub Online()
mysystem2("echo 1 > /proc/sys/net/ipv4/conf/$vif/proxy_arp");
mysystem2("$IPBIN link set $vif mtu 1450");
#
# We need to allow fowarding. vif-bridge does this, but since
# we are doing our own bridge setup, we have to do this here.
#
DoIPtables("-A FORWARD -m physdev --physdev-is-bridged --physdev-in ".
" $vif -j ACCEPT")
== 0 or return -1;
DoIPtables("-A FORWARD -m physdev --physdev-is-bridged --physdev-out ".
" $vif -j ACCEPT")
== 0 or return -1;
#
# Add the veth to the OVS bridge.
#
mysystem2("$OVSCTL add-port $bridge $vif") == 0
or return -1;
# Ug, tell xen hotplug that we really did what was needed.
mysystem2("xenstore-write '$XENBUS_PATH/hotplug-status' connected");
return 0;
......@@ -106,6 +118,11 @@ sub Online()
sub Offline()
{
DoIPtables("-D FORWARD -m physdev --physdev-is-bridged --physdev-in ".
" $vif -j ACCEPT");
DoIPtables("-D FORWARD -m physdev --physdev-is-bridged --physdev-out ".
" $vif -j ACCEPT");
mysystem2("$OVSCTL del-port $bridge $vifname") == 0
or return -1;
......
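Review bot: In Online(), the early `return -1` after the second DoIPtables call or after a failed `$OVSCTL add-port` leaves the ACCEPT rule(s) already appended to FORWARD in place, and nothing visible in these hunks removes them. The rules match only on the interface name, so a leftover rule would presumably also apply to any later interface that reuses that name; the failure paths should delete what was added, for example by issuing the matching `-D FORWARD -m physdev --physdev-is-bridged --physdev-in $vif -j ACCEPT` (and the `--physdev-out` twin) before returning. In Offline(), the `-D` calls use `$vif` while the del-port line uses `$vifname`; if those two can differ, the delete will not match the rule Online() appended, so confirm they hold the same name or use one variable for both. The return values of the `-D` calls are ignored, which looks like deliberate best-effort cleanup and deserves a comment such as `# Best effort: the rule may already be gone.` Both function bodies extend beyond the hunks shown, so cleanup elsewhere in the file cannot be ruled out.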