[Multi-Asic] Fix for multi-asic where we should allow docker local (#…

…5364) communication on docker eth0 ip . Without this TCP Connection to Redis does not happen in namespace. Signed-off-by: Abhishek Dosi <abdosi@abdosi-ubuntu-vm0.nwp1qucpfg5ejooejenqshkj3e.cx.internal.cloudapp.net> Co-authored-by: Abhishek Dosi <abdosi@abdosi-ubuntu-vm0.nwp1qucpfg5ejooejenqshkj3e.cx.internal.cloudapp.net>
sonic-net · Sep 16, 2020 · d12e9cb · d12e9cb
1 parent 642479f
commit d12e9cb
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/files/image_config/caclmgrd/caclmgrd b/files/image_config/caclmgrd/caclmgrd
@@ -182,6 +182,10 @@ class ControlPlaneAclManager(daemon_base.DaemonBase):
  allow_internal_docker_ip_cmds = []
 
  if namespace:
+ # For namespace docker allow local communication on docker management ip for all proto
+ allow_internal_docker_ip_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "iptables -A INPUT -s {} -d {} -j ACCEPT".format
+ (self.namespace_docker_mgmt_ip[namespace], self.namespace_docker_mgmt_ip[namespace]))
+
  # For namespace docker allow all tcp/udp traffic from host docker bridge to its eth0 management ip
  allow_internal_docker_ip_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "iptables -A INPUT -p tcp -s {} -d {} -j ACCEPT".format
  (self.namespace_mgmt_ip, self.namespace_docker_mgmt_ip[namespace]))