From 88a181b20d80cd79ef8655394361fe08dc5f8a67 Mon Sep 17 00:00:00 2001
From: Joshua Boniface
Date: Wed, 11 Dec 2019 17:04:29 -0500
Subject: [PATCH] Allow metadata API in nft rules

---
 node-daemon/pvcd/VXNetworkInstance.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/node-daemon/pvcd/VXNetworkInstance.py b/node-daemon/pvcd/VXNetworkInstance.py
index 8902c238..44768380 100644
--- a/node-daemon/pvcd/VXNetworkInstance.py
+++ b/node-daemon/pvcd/VXNetworkInstance.py
@@ -133,6 +133,8 @@ add rule inet filter input udp dport 53 meta iifname {bridgenic} counter accept
 add rule inet filter input udp dport 67 meta iifname {bridgenic} counter accept
 add rule inet filter input udp dport 123 meta iifname {bridgenic} counter accept
 add rule inet filter input ip6 nexthdr udp udp dport 547 meta iifname {bridgenic} counter accept
+# Allow metadata API into the router from network
+add rule inet filter input tcp dport 80 meta iifname {bridgenic} counter accept
 # Block traffic into the router from network
 add rule inet filter input meta iifname {bridgenic} counter drop
 """.format(
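Review bot: The new accept rule matches `tcp dport 80` on every address the router holds, not just the one the metadata API listens on, so any other service bound to port 80 on the node (now or later) becomes reachable from every client on the bridge. Narrowing the rule with a destination-address match, e.g. `add rule inet filter input ip daddr <METADATA_LISTENER_ADDR> tcp dport 80 meta iifname {bridgenic} counter accept` (placeholder address; it would need a matching key in the `.format(` call, whose arguments lie outside the hunk), keeps the exposure to the metadata endpoint the commit message describes. The comment above the rule could also name the listener address and note that the API is reachable unauthenticated over plain HTTP by every guest on the network, so a reader sees why the scoping matters. The enclosing nftables template string starts before this hunk.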