Skip to content

Update expected iptable rule on smart switch #20271

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update expected iptable rule on smart switch #20271

wants to merge 1 commit into from

Conversation

weiguo-nvidia
Copy link
Contributor

Description of PR

Summary: Update expected iptable rule on smart switch
Fixes #
An new iptable was added on smart switch by PR sonic-net/sonic-host-services#301. After the change, a new rule -A INPUT -d 169.254.200.254/32 -j ACCEPT was generate after deploy minigraph.
Need update function generate_expected_rules in tests/cacl/test_cacl_application.py to include this rule

admin@router:~$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 127.0.0.1/32 -i lo -j ACCEPT
-A INPUT -d 169.254.200.254/32 -j ACCEPT             <<<
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

Note: The current PR needs to be merged after sonic-net/sonic-host-services#301 merge

Type of change

  • Bug fix
  • Testbed and Framework(new/improvement)
  • New Test case
    • Skipped for non-supported platforms
  • Test case improvement

Back port request

  • 202205
  • 202305
  • 202311
  • 202405
  • 202411
  • 202505

Approach

What is the motivation for this PR?

How did you do it?

Update function `generate_expected_rules

How did you verify/test it?

Regression pass

Any platform specific information?

Supported testbed topology if it's a new test case?

Documentation

@weiguo-nvidia
Update expected iptable rule on smart switch
968c256 
Change-Id: If9bd7e108e14c7ffc4dc28b0cad91caef20362e0
@mssonicbld
Copy link
Collaborator

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@weiguo-nvidia
Copy link
Contributor Author

/azpw run

@mssonicbld
Copy link
Collaborator

/AzurePipelines run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@weiguo-nvidia
Copy link
Contributor Author

/azpw run

@mssonicbld
Copy link
Collaborator

/AzurePipelines run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@weiguo-nvidia
Copy link
Contributor Author

/azpw run

@mssonicbld
Copy link
Collaborator

/AzurePipelines run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@roy-sror roy-sror requested a review from prsunny August 25, 2025 17:04
@weiguo-nvidia
Copy link
Contributor Author

Hi @prsunny , could you help review the PR? Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prsunny prsunny Awaiting requested review from prsunny

1 more reviewer

@nhe-NV nhe-NV nhe-NV approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Request for 202505 branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@weiguo-nvidia @mssonicbld @nhe-NV