meta-google: gbmc-bridge: accept all bmc initiated connection

All traffic to/from tray are via gbmcbr. We need to allow the incoming traffic that establish a tcp connection to allow bmc client traffic like netboot downloading. This add a rule for that. Change-Id: I2f3afeea6320b20d7e0f740b102b2f227799032d Signed-off-by: Yuxiao Zhang <yuxiaozhang@google.com>
author: Yuxiao Zhang <yuxiaozhang@google.com> 2023-04-20 00:21:26 +0300
committer: Yuxiao Zhang <yuxiaozhang@google.com> 2023-04-20 00:35:34 +0300
commit: 861ed8f3b21666fe471f33f1f737faca70898ebd (patch)
tree: 912e2b196b1906d03ce386335bfce93b59a67b58 /meta-google
parent: 377306d53a6dd35b2975621fcc9564c87c64f456 (diff)
download: openbmc-861ed8f3b21666fe471f33f1f737faca70898ebd.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules b/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules
index 475cc02f9e..9d82e61014 100644
--- a/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules
+++ b/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules
@@ -12,6 +12,7 @@ table inet filter {
   chain gbmc_br_input {
     type filter hook input priority 0; policy drop;
     iifname != gbmcbr accept
+    ct state established accept
     jump gbmc_br_int_input
     jump gbmc_br_pub_input
     reject
author	Yuxiao Zhang <yuxiaozhang@google.com>	2023-04-20 00:21:26 +0300
committer	Yuxiao Zhang <yuxiaozhang@google.com>	2023-04-20 00:35:34 +0300
commit	861ed8f3b21666fe471f33f1f737faca70898ebd (patch)
tree	912e2b196b1906d03ce386335bfce93b59a67b58 /meta-google
parent	377306d53a6dd35b2975621fcc9564c87c64f456 (diff)
download	openbmc-861ed8f3b21666fe471f33f1f737faca70898ebd.tar.xz