From 38f32c7cba0a34262c1f1e49a16e837f89387332 Mon Sep 17 00:00:00 2001
From: Nanma Purushotam
Date: Thu, 26 Dec 2024 19:24:09 -0800
Subject: [PATCH] patch add iptables rules for eth0 interface filtering
---
 scripts/caclmgrd | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/scripts/caclmgrd b/scripts/caclmgrd
index eafb0f21..7edaeee4 100755
--- a/scripts/caclmgrd
+++ b/scripts/caclmgrd
@@ -791,6 +791,11 @@ class ControlPlaneAclManager(daemon_base.DaemonBase):
 # Append the packet action as the jump target
 rule_cmd += ["-j", "{}".format(rule_props["PACKET_ACTION"])]
+ if (dst_port not in self.ACL_SERVICES["NTP"]["dst_ports"] and
+ dst_port not in self.ACL_SERVICES["SNMP"]["dst_ports"] and
+ dst_port not in self.ACL_SERVICES["SSH"]["dst_ports"]):
+ rule_cmd = self.exclude_mgmt_port(rule_cmd)
+
 iptables_cmds.append(self.iptables_cmd_ns_prefix[namespace] + rule_cmd)
 num_ctrl_plane_acl_rules += 1
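Review bot: The added `if` decides whether a control-plane ACL rule is passed through `exclude_mgmt_port` by comparing `dst_port` with three hard-coded service entries, and nothing on the added lines says why those three are exempt or what the helper does to `rule_cmd`. Because the rewritten `rule_cmd` is what gets appended to `iptables_cmds`, a DROP rule for any other port would presumably stop matching traffic on eth0 (going by the commit subject), which changes what the operator's ACL covers without any visible trace; a comment such as `# Rules for ports other than NTP/SNMP/SSH are not applied on the management interface because <reason>` should record the intent. `exclude_mgmt_port` is not defined in this patch (its 5 insertions are all shown here) and `dst_port` is assigned outside the hunk, in a method that starts and ends outside it, so confirm the helper exists and that `dst_port` has the same type as the entries of `dst_ports`; if one is an int and the other a string, all three `not in` tests are always true. Building the exempt set once, e.g. `mgmt_ports = {p for s in ("NTP", "SNMP", "SSH") for p in self.ACL_SERVICES[s]["dst_ports"]}`, would reduce the condition to `if dst_port not in mgmt_ports:` and keep the service list in one place.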