meta-google: gbmc-bridge: accept all bmc initiated connection All traffic to/from tray are via gbmcbr. We need to allow the incoming traffic that establish a tcp connection to allow bmc client traffic like netboot downloading. This add a rule for that. Change-Id: I2f3afeea6320b20d7e0f740b102b2f227799032d Signed-off-by: Yuxiao Zhang <yuxiaozhang@google.com>

commit: 861ed8f3b21666fe471f33f1f737faca70898ebd [log] [tgz]
author: Yuxiao Zhang <yuxiaozhang@google.com> Wed Apr 19 14:21:26 2023 -0700
committer: Yuxiao Zhang <yuxiaozhang@google.com> Wed Apr 19 21:35:34 2023 +0000
tree: 912e2b196b1906d03ce386335bfce93b59a67b58
parent: 377306d53a6dd35b2975621fcc9564c87c64f456 [diff]
diff --git a/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules b/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules
index 475cc02..9d82e61 100644
--- a/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules
+++ b/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules

@@ -12,6 +12,7 @@
   chain gbmc_br_input {
     type filter hook input priority 0; policy drop;
     iifname != gbmcbr accept
+    ct state established accept
     jump gbmc_br_int_input
     jump gbmc_br_pub_input
     reject
commit	861ed8f3b21666fe471f33f1f737faca70898ebd	[log] [tgz]
author	Yuxiao Zhang <yuxiaozhang@google.com>	Wed Apr 19 14:21:26 2023 -0700
committer	Yuxiao Zhang <yuxiaozhang@google.com>	Wed Apr 19 21:35:34 2023 +0000
tree	912e2b196b1906d03ce386335bfce93b59a67b58
parent	377306d53a6dd35b2975621fcc9564c87c64f456 [diff]