Merge pull request #94 from rodis/fix/dhc_2430_remove_filter_rules

Remove unused filter rules

akanda/router/drivers/iptables.py

@@ -200,16 +200,6 @@ class IPTablesManager(base.Manager):
                 (6, network.interface.first_v6, defaults.DHCPV6)
             ):
                 if address:
-                    # Basic state-matching rules. Allows packets related to a
-                    # pre-established session to pass.
-                    rules.append(Rule(
-                        '-A FORWARD -d %s -o %s -m state '
-                        '--state RELATED,ESTABLISHED -j ACCEPT' % (
-                            address,
-                            network.interface.ifname
-                        ), ip_version=version
-                    ))
-
                     # Allow DHCP
                     rules.append(Rule(
                         '-A INPUT -i %s -p udp -m udp --dport %s -j ACCEPT' % (

test/unit/drivers/test_iptables.py

@@ -68,7 +68,6 @@ V4_OUTPUT = [
     '-A INPUT -i lo -j ACCEPT',
     '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT',
     '-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT',
-    '-A FORWARD -d 192.168.0.1 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT',  # noqa
     '-A INPUT -i eth2 -p udp -m udp --dport 67 -j ACCEPT',
     '-A INPUT -i eth2 -p tcp -m tcp --dport 67 -j ACCEPT',
     '-A INPUT -i eth2 -j ACCEPT',
@@ -98,7 +97,6 @@ V6_OUTPUT = [
     '-A INPUT -i eth0 -p tcp -m tcp --dport 5000 -j ACCEPT',
     '-A INPUT -i eth0 -p tcp -m tcp --dport 9697 -j ACCEPT',
     '-A INPUT -i !eth0 -d fdca:3ba5:a17a:acda:f816:3eff:fe66:33b6 -j DROP',
-    '-A FORWARD -d fdd6:a1fa:cfa8:9df::1 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT',  # noqa
     '-A INPUT -i eth2 -p udp -m udp --dport 546 -j ACCEPT',
     '-A INPUT -i eth2 -p tcp -m tcp --dport 546 -j ACCEPT',
     '-A INPUT -i eth2 -j ACCEPT',