[Bug 1674] ebtables causing packet loss
bugzilla-daemon at netfilter.org
Thu May 4 17:21:34 CEST 2023
https://bugzilla.netfilter.org/show_bug.cgi?id=1674
--- Comment #8 from Simon G. Trajkovski <neur0armitage at proton.me> ---
It is 2023, why use ebtables?
### step no.1; add skeleton ruleset w/maps
table bridge filter {
    map proto_ifname_map {
        typeof meta protocol . meta iifname : verdict
    }
    chain input {
        type filter hook input priority filter; policy accept;
        meta protocol . meta iifname vmap @proto_ifname_map
        counter drop
    }
    chain forward {
        type filter hook forward priority filter; policy accept;
        meta protocol . meta iifname vmap @proto_ifname_map
        counter drop
    }
}
### step no.2; add rules for every virtual machine
add chain bridge filter v1001
add chain bridge filter v1001IPV6
add chain bridge filter v1001ARPIN
add map bridge filter v1001_ip_map { typeof ether saddr . ip saddr : verdict; }
add element bridge filter v1001_ip_map { 00:ff:ff:52:69:ac . 192.168.122.204 : accept }
add rule bridge filter v1001 ether saddr . ip saddr vmap @v1001_ip_map
add map bridge filter v1001_arp_map { typeof arp saddr ether . arp saddr ip : verdict; }
add element bridge filter v1001_arp_map { 00:ff:ff:52:69:ac . 192.168.122.204 : accept }
add rule bridge filter v1001ARPIN arp saddr ether . arp saddr ip vmap @v1001_arp_map
add rule bridge filter v1001IPV6 drop
add element bridge filter proto_ifname_map { arp . vifv1001 : jump v1001ARPIN }
add element bridge filter proto_ifname_map { ip . vifv1001 : jump v1001 }
add element bridge filter proto_ifname_map { ip6 . vifv1001 : jump v1001IPV6 }
--
try banana pi - opensource router with hardware acceleration!
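
Step no.2 in the comment above repeats the same thirteen commands for every virtual machine. As an added example (not part of the original comment and not netfilter project code), this Python script generates them from an inventory and refuses values that would not be safe to splice into an `nft -f` file. The function names, the identifier policy and the second sample VM are assumptions.

```python
import ipaddress
import re

# Assumed policy (not from the post): identifiers that need no quoting in nft.
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
IFNAMSIZ = 15  # longest interface name Linux accepts
T = "bridge filter"

def vm_rules(vm, iface, mac, ip):
    """Return the step no.2 commands for one VM; raise ValueError on bad input."""
    mac = mac.lower()
    if not NAME_RE.match(vm) or not NAME_RE.match(iface) or len(iface) > IFNAMSIZ:
        raise ValueError(f"bad VM or interface name: {vm!r} / {iface!r}")
    if not MAC_RE.match(mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    ip = str(ipaddress.IPv4Address(ip))  # ValueError unless a single IPv4 address
    return [
        f"add chain {T} {vm}",
        f"add chain {T} {vm}IPV6",
        f"add chain {T} {vm}ARPIN",
        f"add map {T} {vm}_ip_map {{ typeof ether saddr . ip saddr : verdict; }}",
        f"add element {T} {vm}_ip_map {{ {mac} . {ip} : accept }}",
        f"add rule {T} {vm} ether saddr . ip saddr vmap @{vm}_ip_map",
        f"add map {T} {vm}_arp_map {{ typeof arp saddr ether . arp saddr ip : verdict; }}",
        f"add element {T} {vm}_arp_map {{ {mac} . {ip} : accept }}",
        f"add rule {T} {vm}ARPIN arp saddr ether . arp saddr ip vmap @{vm}_arp_map",
        f"add rule {T} {vm}IPV6 drop",
        f"add element {T} proto_ifname_map {{ arp . {iface} : jump {vm}ARPIN }}",
        f"add element {T} proto_ifname_map {{ ip . {iface} : jump {vm} }}",
        f"add element {T} proto_ifname_map {{ ip6 . {iface} : jump {vm}IPV6 }}",
    ]

def render(vms):
    """Render every VM into one text for `nft -f`; names must be unique."""
    for col in (0, 1):  # column 0 = VM name, column 1 = interface name
        vals = [v[col] for v in vms]
        if len(set(vals)) != len(vals):
            raise ValueError("duplicate VM or interface name in inventory")
    return "\n".join(line for v in vms for line in vm_rules(*v)) + "\n"

# Constructed sample inventory; the first entry reuses the values from the post.
SAMPLE = [
    ("v1001", "vifv1001", "00:ff:ff:52:69:ac", "192.168.122.204"),
    ("v1002", "vifv1002", "00:ff:ff:52:69:ad", "192.168.122.205"),
]

if __name__ == "__main__":
    print(render(SAMPLE), end="")
```

The output is meant to be loaded with `nft -f` after the step no.1 skeleton is in place, since it refers to `proto_ifname_map`.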