From b8d25ef70bb8078ca4743e4a7c5b8958930391e2 Mon Sep 17 00:00:00 2001
From: Richard Fuchs <rfuchs@sipwise.com>
Date: Wed, 27 Mar 2019 11:19:56 -0400
Subject: [PATCH] TT#56007 TT#55864 make RTPENGINE rules UDP only

The rtpengine kernel module only cares about UDP packets, so narrow down
our iptables rule accordingly.

Change-Id: I33856efa6b39372104b05ec0dc6f34ad0b5e0cbd
(cherry picked from commit cd23c0504439327cc0aac3167e2deb87bd2c4a95)
---
 debian/ngcp-rtpengine-iptables-setup | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/debian/ngcp-rtpengine-iptables-setup b/debian/ngcp-rtpengine-iptables-setup
index 57be04458..6656f7d90 100755
--- a/debian/ngcp-rtpengine-iptables-setup
+++ b/debian/ngcp-rtpengine-iptables-setup
@@ -52,12 +52,14 @@ firewall_setup()
 
   iptables -N rtpengine 2>/dev/null
   iptables -D INPUT -j rtpengine 2>/dev/null
-  iptables -I INPUT -j rtpengine
+  iptables -D INPUT -p udp -j rtpengine 2>/dev/null
+  iptables -I INPUT -p udp -j rtpengine
   iptables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
   iptables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
   ip6tables -N rtpengine 2>/dev/null
   ip6tables -D INPUT -j rtpengine 2>/dev/null
-  ip6tables -I INPUT -j rtpengine
+  ip6tables -D INPUT -p udp -j rtpengine 2>/dev/null
+  ip6tables -I INPUT -p udp -j rtpengine
   ip6tables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
   ip6tables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
 }