[caclmgrd] remove default DROP rule on FORWARD chain (#5034)

jleveque · web-flow · commit 1587889b7ae3 · 2020-07-24T11:59:46.000-07:00
diff --git a/files/image_config/caclmgrd/caclmgrd b/files/image_config/caclmgrd/caclmgrd
@@ -378,9 +378,7 @@ class ControlPlaneAclManager(object):
         # add iptables/ip6tables commands to drop all other incoming packets
         if num_ctrl_plane_acl_rules > 0:
             iptables_cmds.append("iptables -A INPUT -j DROP")
-            iptables_cmds.append("iptables -A FORWARD -j DROP")
             iptables_cmds.append("ip6tables -A INPUT -j DROP")
-            iptables_cmds.append("ip6tables -A FORWARD -j DROP")
 
         return iptables_cmds
 
