diff options
author | Yuxiao Zhang <yuxiaozhang@google.com> | 2023-04-20 00:21:26 +0300 |
---|---|---|
committer | Yuxiao Zhang <yuxiaozhang@google.com> | 2023-04-20 00:35:34 +0300 |
commit | 861ed8f3b21666fe471f33f1f737faca70898ebd (patch) | |
tree | 912e2b196b1906d03ce386335bfce93b59a67b58 /meta-google | |
parent | 377306d53a6dd35b2975621fcc9564c87c64f456 (diff) | |
download | openbmc-861ed8f3b21666fe471f33f1f737faca70898ebd.tar.xz |
meta-google: gbmc-bridge: accept all bmc initiated connection
All traffic to/from tray are via gbmcbr. We need to allow the incoming
traffic that establish a tcp connection to allow bmc client traffic like
netboot downloading. This add a rule for that.
Change-Id: I2f3afeea6320b20d7e0f740b102b2f227799032d
Signed-off-by: Yuxiao Zhang <yuxiaozhang@google.com>
Diffstat (limited to 'meta-google')
-rw-r--r-- | meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules b/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules index 475cc02f9e..9d82e61014 100644 --- a/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules +++ b/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules @@ -12,6 +12,7 @@ table inet filter { chain gbmc_br_input { type filter hook input priority 0; policy drop; iifname != gbmcbr accept + ct state established accept jump gbmc_br_int_input jump gbmc_br_pub_input reject |