Initial commit
This commit is contained in:
Your Name
@@ -0,0 +1,38 @@
|
||||
table bridge filter {
|
||||
chain gbmc_br_prerouting {
|
||||
type filter hook prerouting priority 0;
|
||||
iifname != gbmcbr accept
|
||||
# Sometimes our links are over NCSI and we don't want to broadcast
|
||||
# those packets over the entire bridge. They are only relevant P2P.
|
||||
ether type 0x88F8 drop
|
||||
}
|
||||
}
|
||||
|
||||
table inet filter {
|
||||
chain gbmc_br_input {
|
||||
type filter hook input priority 0; policy drop;
|
||||
iifname != gbmcbr accept
|
||||
mark 0xff drop
|
||||
ct state established accept
|
||||
jump gbmc_br_int_input
|
||||
jump gbmc_br_pub_input
|
||||
reject
|
||||
}
|
||||
set gbmc_br_int_addrs {
|
||||
type ipv6_addr;
|
||||
flags interval
|
||||
elements = {
|
||||
ff00::/8,
|
||||
fe80::/64,
|
||||
fdb5:0481:10ce::/64,
|
||||
}
|
||||
}
|
||||
chain gbmc_br_int_input {
|
||||
ip6 daddr @gbmc_br_int_addrs accept
|
||||
ip6 saddr @gbmc_br_int_addrs accept
|
||||
}
|
||||
chain gbmc_br_pub_input {
|
||||
ip6 nexthdr icmpv6 accept
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user