From a051a54962fc33c6d02bb3979f57548ed4cc81da Mon Sep 17 00:00:00 2001
From: Isaac Hollander McCreery
Date: Thu, 2 Nov 2017 07:20:07 -0700
Subject: [PATCH] Explicitly set route_localnet on nodes & masters. Allow for loopback addresses to be used for routing, specifically to enable metadata proxy on master nodes.
---
 cluster/gce/gci/configure-helper.sh | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh
index 12f7b6ec77..99a563c081 100644
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -34,6 +34,11 @@ function setup-os-params {

 function config-ip-firewall {
 echo "Configuring IP firewall rules"
+
+ # Do not consider loopback addresses as martian source or destination while
+ # routing. This enables the use of 127/8 for local routing purposes.
+ sysctl -w net.ipv4.conf.all.route_localnet=1
+
 # The GCI image has host firewall which drop most inbound/forwarded packets.
 # We need to add rules to accept all TCP/UDP/ICMP packets.
 if iptables -L INPUT | grep "Chain INPUT (policy DROP)" > /dev/null; then
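Review bot: Setting `net.ipv4.conf.all.route_localnet=1` in `config-ip-firewall` turns off the kernel's martian check for 127/8 on every interface, so a service bound to 127.0.0.1 can no longer be assumed reachable only from the host itself. The context lines directly below open INPUT to all TCP/UDP/ICMP when the policy is DROP, and nothing visible in the hunk rejects loopback-destined packets that arrive from the network. I would pair the sysctl with a guard such as `iptables -I INPUT ! -s 127.0.0.0/8 -d 127.0.0.0/8 -m conntrack ! --ctstate RELATED,ESTABLISHED,DNAT -j DROP`, and extend the comment to name the component that needs the setting and to note that localhost-bound ports depend on that rule. If only one interface needs it, the per-interface `net.ipv4.conf.<iface>.route_localnet` key is narrower than `all`. The function body continues past the end of the hunk, so an equivalent guard may already exist further down.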