pikvm/pikvm#957: Added ESTABLISHED,RELATED rule to otgnet

2026-01-29 00:51:53 +08:00 · 2023-03-26 01:24:26 +02:00
parent 2cd2fa8722
commit f6283e1197
2 changed files with 15 additions and 0 deletions
--- a/kvmd/apps/otgnet/netctl.py
+++ b/kvmd/apps/otgnet/netctl.py
@@ -45,6 +45,19 @@ class IfaceAddIpCtl(BaseCtl):
        return [*self.__base_cmd, "address", ("add" if direct else "del"), self.__cidr, "dev", self.__iface]


+class IptablesAllowEstRelCtl(BaseCtl):
+    def __init__(self, base_cmd: list[str], iface: str) -> None:
+        self.__base_cmd = base_cmd
+        self.__iface = iface
+
+    def get_command(self, direct: bool) -> list[str]:
+        return [
+            *self.__base_cmd,
+            ("-A" if direct else "-D"), "INPUT", "-i", self.__iface,
+            "-m", "state", "--state", "ESTABLISHED,RELATED", "-j", "ACCEPT",
+        ]
+
+
 class IptablesDropAllCtl(BaseCtl):
    def __init__(self, base_cmd: list[str], iface: str) -> None:
        self.__base_cmd = base_cmd