openvmm: allow forwarded SSH from non-default host NIC

vyadavmsft · vyadavmsft · commit 4c52aefd3ddb · 2026-06-25T23:28:44.000-07:00
diff --git a/lisa/sut_orchestrator/openvmm/node.py b/lisa/sut_orchestrator/openvmm/node.py
@@ -1527,12 +1527,12 @@ def _enable_ssh_forwarding(
                 "-m state --state RELATED,ESTABLISHED -j ACCEPT"
             ),
             (
-                "iptables -C FORWARD -i "
-                f"{shlex.quote(forwarding_interface)} -o {shlex.quote(host_interface)} "
+                "iptables -C FORWARD ! -i "
+                f"{shlex.quote(host_interface)} -o {shlex.quote(host_interface)} "
                 f"-p tcp -d {guest_address} --dport {guest_port} -j ACCEPT "
                 "|| "
-                "iptables -I FORWARD -i "
-                f"{shlex.quote(forwarding_interface)} -o {shlex.quote(host_interface)} "
+                "iptables -I FORWARD ! -i "
+                f"{shlex.quote(host_interface)} -o {shlex.quote(host_interface)} "
                 f"-p tcp -d {guest_address} --dport {guest_port} -j ACCEPT"
             ),
             (
@@ -1634,8 +1634,8 @@ def _disable_ssh_forwarding_context(
                 "-m state --state RELATED,ESTABLISHED -j ACCEPT || true"
             ),
             (
-                "iptables -D FORWARD -i "
-                f"{shlex.quote(forwarding_interface)} -o {shlex.quote(host_interface)} "
+                "iptables -D FORWARD ! -i "
+                f"{shlex.quote(host_interface)} -o {shlex.quote(host_interface)} "
                 f"-p tcp -d {guest_address} --dport {guest_port} -j ACCEPT || true"
             ),
             (
