From f3881747be870cd84be78ae56c3c2f5ff0a2f86f Mon Sep 17 00:00:00 2001
From: Vincent Li <vincent.mc.li@gmail.com>
Date: Mon, 10 Feb 2025 17:40:11 +0000
Subject: [PATCH] loxilb: change default loxilb firewall setting

loxilb 0.9.8 requires --egress flag for firewall
rule to masquerade/SNAT GREEN network source IP
for Internet access. to access host in RED network
another firewall rule is required.  see [0].

[0]: https://github.com/loxilb-io/loxilb/issues/957

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
---
 config/cfgroot/loxilb-FWconfig.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/cfgroot/loxilb-FWconfig.txt b/config/cfgroot/loxilb-FWconfig.txt
index 5aced859f..c817bed26 100644
--- a/config/cfgroot/loxilb-FWconfig.txt
+++ b/config/cfgroot/loxilb-FWconfig.txt
@@ -1 +1 @@
-{"fwAttr":[{"opts":{"counter":"0:0","doSnat":true,"toIP":"REDIP"},"ruleArguments":{"destinationIP":"0.0.0.0/0","portName":"green0","sourceIP":"0.0.0.0/0"}}]}
+{"fwAttr":[{"opts":{"counter":"0:0","doSnat":true,"onDefault":true,"toIP":"REDIP"},"ruleArguments":{"destinationIP":"0.0.0.0/0","portName":"green0","sourceIP":"0.0.0.0/0"}}]}