From 120e90f53fdaf8c9e431a1d7aed0aba3f2e0acac Mon Sep 17 00:00:00 2001
From: Rene Moser
Date: Mon, 13 Nov 2017 13:45:52 +0100
Subject: [PATCH] CLOUDSTACK-10043: fix restore default drop for egress rules in ACL
---
 systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
index 071a7b2ec488..555440c7771d 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
@@ -455,6 +455,9 @@ def fw_vpcrouter(self):
 ["mangle", "front", "-A ACL_OUTBOUND_%s -d 225.0.0.50/32 -j ACCEPT" % self.dev])
 self.fw.append(
 ["mangle", "front", "-A ACL_OUTBOUND_%s -d 224.0.0.18/32 -j ACCEPT" % self.dev])
+ self.fw.append(
+ ["mangle", "", "-A ACL_OUTBOUND_%s -j DROP" % self.dev])
+
 self.fw.append(
 ["filter", "", "-A INPUT -i %s -p udp -m udp --dport 67 -j ACCEPT" % self.dev])
 self.fw.append(
@@ -717,4 +720,3 @@ def cpus(self):
 if count < 2:
 logging.debug("Single CPU machine")
 return count
-
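Review bot: The added `-A ACL_OUTBOUND_%s -j DROP` rule in fw_vpcrouter only acts as a default-deny for egress if it ends up as the last rule of the chain, and nothing in the hunk documents or enforces that ordering. It is queued with an empty position string while the two multicast ACCEPT rules above use `"front"`, so its correctness presumably depends on the per-ACL egress rules being inserted ahead of it elsewhere; any rule appended after it would never be reached. I would put a comment above the new append, for example `# Default-deny for egress: must stay the last rule in ACL_OUTBOUND_<dev>; ACL rules are inserted in front of it`. I would also add a regression test that checks both cases: an ACL with an egress allow rule still matches before the DROP, and an ACL without one drops. The function starts and continues outside the hunk, so whether this path runs for every VPC tier interface cannot be confirmed from the lines shown.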