From adc058b28a9dc7abbb4dc1d5392ac28570255630 Mon Sep 17 00:00:00 2001 From: Christian Svensson Date: Tue, 9 Aug 2022 09:07:43 +0200 Subject: [PATCH 1/2] caclmgrd: Don't block traffic to mgmt by default Signed-off-by: Christian Svensson --- scripts/caclmgrd | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/caclmgrd b/scripts/caclmgrd index 4af588e28de6..19e42a8b48a8 100755 --- a/scripts/caclmgrd +++ b/scripts/caclmgrd @@ -215,7 +215,6 @@ class ControlPlaneAclManager(daemon_base.DaemonBase): def generate_block_ip2me_traffic_iptables_commands(self, namespace): INTERFACE_TABLE_NAME_LIST = [ "LOOPBACK_INTERFACE", - "MGMT_INTERFACE", "VLAN_INTERFACE", "PORTCHANNEL_INTERFACE", "INTERFACE" From a712fc404b0248ec4f564362989dd8eb16dcac07 Mon Sep 17 00:00:00 2001 From: Christian Svensson Date: Tue, 9 Aug 2022 09:32:32 +0200 Subject: [PATCH 2/2] Update test cases Signed-off-by: Christian Svensson --- tests/caclmgrd/test_ip2me_vectors.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/caclmgrd/test_ip2me_vectors.py b/tests/caclmgrd/test_ip2me_vectors.py index 0f6378164280..0784eb664e46 100644 --- a/tests/caclmgrd/test_ip2me_vectors.py +++ b/tests/caclmgrd/test_ip2me_vectors.py @@ -24,7 +24,6 @@ "FEATURE": {}, }, "return": [ - "iptables -A INPUT -d 172.18.0.0/32 -j DROP" ], }, ], @@ -55,7 +54,6 @@ }, "return": [ "iptables -A INPUT -d 10.10.10.10/32 -j DROP", - "iptables -A INPUT -d 172.18.0.0/32 -j DROP", "iptables -A INPUT -d 10.10.11.10/32 -j DROP", "iptables -A INPUT -d 10.10.12.10/32 -j DROP", ], @@ -83,7 +81,6 @@ "FEATURE": {}, }, "return": [ - "iptables -A INPUT -d 172.18.0.0/32 -j DROP", "iptables -A INPUT -d 10.10.11.1/32 -j DROP", ], }, @@ -117,7 +114,6 @@ }, "return": [ "ip6tables -A INPUT -d 2001:db8:10::/128 -j DROP", - "ip6tables -A INPUT -d 2001:db8:200::/128 -j DROP", "ip6tables -A INPUT -d 2001:db8:11::1/128 -j DROP", "ip6tables -A INPUT -d 2001:db8:12::/128 -j DROP", "ip6tables -A INPUT -d 2001:db8:13::/128 -j DROP"