Allow metadata API in nft rules

2019-12-11 17:04:29 -05:00 · 2019-12-11 17:04:29 -05:00 · 88a181b20d
parent 52127f2938
commit 88a181b20d
1 changed files with 2 additions and 0 deletions
--- a/node-daemon/pvcd/VXNetworkInstance.py
+++ b/node-daemon/pvcd/VXNetworkInstance.py
@ -133,6 +133,8 @@ add rule inet filter input udp dport 53 meta iifname {bridgenic} counter accept
 add rule inet filter input udp dport 67 meta iifname {bridgenic} counter accept
 add rule inet filter input udp dport 123 meta iifname {bridgenic} counter accept
 add rule inet filter input ip6 nexthdr udp udp dport 547 meta iifname {bridgenic} counter accept
+# Allow metadata API into the router from network
+add rule inet filter input tcp dport 80 meta iifname {bridgenic} counter accept
 # Block traffic into the router from network
 add rule inet filter input meta iifname {bridgenic} counter drop
 """.format(