Support LX Container on SINMA systems.

ip6t-firewall-server

@@ -229,6 +229,10 @@ if ${do_not_firewall_bridged_traffic} || ${do_not_firewall_lx_guest_systems} ; t
          ports="$(ip -o link show master "${_dev}" 2>/dev/null | awk -F': ' '{print $2}')"
 
          for _port in $ports ; do
+            echo ""
+            echo "$ip6t -A FORWARD -i "${_port}" -j ACCEPT"
+            echo "$ip6t -A FORWARD -o "${_port}" -j ACCEPT"
+            echo ""
             $ip6t -A FORWARD -i "${_port}" -j ACCEPT
             $ip6t -A FORWARD -o "${_port}" -j ACCEPT
             _done=true
@@ -919,7 +923,15 @@ echononl "\tICMPv6 - mandatory for IPv6 to work correctly!"
 for t in 1 2 3 4 128 129 133 134 135 136; do
    $ip6t -A INPUT  -p ipv6-icmp --icmpv6-type $t -j ACCEPT
    $ip6t -A OUTPUT -p ipv6-icmp --icmpv6-type $t -j ACCEPT
-   if $kernel_forward_between_interfaces ; then
+
+   # Normaly, 'do_not_firewall_bridged_traffic' and 'do_not_firewall_lx_guest_systems' must
+   # not be part of the if-clause, but in SINMA systems, this is needed for LX Container to
+   # work
+   #
+   if ${kernel_forward_between_interfaces} \
+      || ${do_not_firewall_bridged_traffic} \
+      || ${do_not_firewall_lx_guest_systems} ; then
+
       $ip6t -A FORWARD -p  ipv6-icmp --icmpv6-type "$t" -j ACCEPT
    fi
 done
@@ -2896,7 +2908,17 @@ echononl "\tDrop all other on all interfaces"
 
 $ip6t -A INPUT -j DROP
 $ip6t -A OUTPUT -j DROP
-$ip6t -A FORWARD -j DROP
+
+# Normaly FORWARD pakages shoul be dropped fpr all packages. but on sinma systems it is needed
+# to question also 'do_not_firewall_bridged_traffic' and 'do_not_firewall_lx_guest_systems'. 
+# Otherwise, LX Container won't work on SINMA systems.
+#
+if ${do_not_firewall_bridged_traffic} \
+   || ${do_not_firewall_lx_guest_systems} ; then
+   $ip6t -A FORWARD -j ACCEPT
+else
+   $ip6t -A FORWARD -j DROP
+fi
 
 echo_done