Initial commit

2026-04-23 17:07:55 +08:00
commit b7e39e063b
16725 changed files with 1625565 additions and 0 deletions
@@ -0,0 +1,45 @@
+table inet filter {
+    chain ncsi_input {
+        type filter hook input priority 0; policy drop;
+        iifname != @NCSI_IF@ accept
+        ct state established accept
+        ip6 daddr ff00::/8 goto ncsi_brd_input
+        ip6 daddr fe80::/64 goto ncsi_legacy_input
+    }
+    chain ncsi_gbmc_br_pub_input {
+        jump gbmc_br_pub_input
+        jump ncsi_legacy_input
+        reject
+    }
+    chain gbmc_br_pub_input {
+      ip6 nexthdr icmpv6 accept
+    }
+    chain ncsi_legacy_input {
+        jump ncsi_any_input
+        tcp dport 3959 accept
+        udp dport 3959 accept
+        tcp dport 3967 accept
+        udp dport 3967 accept
+    }
+    chain ncsi_brd_input {
+        jump ncsi_any_input
+    }
+    chain ncsi_any_input {
+        icmpv6 type nd-neighbor-advert accept
+        icmpv6 type nd-neighbor-solicit accept
+        icmpv6 type nd-router-advert accept
+    }
+    chain ncsi_forward {
+        type filter hook forward priority 0; policy drop;
+        iifname != @NCSI_IF@ accept
+        oifname != gbmcbr drop
+        ip6 daddr fdb5:0481:10ce::/64 drop
+        ip6 saddr fdb5:0481:10ce::/64 drop
+    }
+    chain ncsi_dhcp_input {
+        type filter hook input priority 0; policy drop;
+        iifname != ncsigbmc accept
+        ip6 nexthdr icmpv6 accept
+        udp dport 547 accept
+    }
+}