Commit f6ea036
authored
caclmgrd: Don't block traffic to mgmt by default
*Currently the IP2ME rules block the management interface's identity address instead of the actual host address. This logic results in a DROP rule that hits the management interface address only in the case of /32 netmask - all other netmasks will result in traffic being accepted by default. Thus, it is exceedingly likely that the current DROP rule has never worked for management interfaces given that /32 are mainly loopback addresses, not for network links.2 files changed
Lines changed: 0 additions & 5 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
215 | 215 | | |
216 | 216 | | |
217 | 217 | | |
218 | | - | |
219 | 218 | | |
220 | 219 | | |
221 | 220 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
24 | 24 | | |
25 | 25 | | |
26 | 26 | | |
27 | | - | |
28 | 27 | | |
29 | 28 | | |
30 | 29 | | |
| |||
55 | 54 | | |
56 | 55 | | |
57 | 56 | | |
58 | | - | |
59 | 57 | | |
60 | 58 | | |
61 | 59 | | |
| |||
83 | 81 | | |
84 | 82 | | |
85 | 83 | | |
86 | | - | |
87 | 84 | | |
88 | 85 | | |
89 | 86 | | |
| |||
117 | 114 | | |
118 | 115 | | |
119 | 116 | | |
120 | | - | |
121 | 117 | | |
122 | 118 | | |
123 | 119 | | |
| |||
0 commit comments