meta-google: gbmc-ncsi-config: Add relay support for the bridge
We may have multiple BMCs running on the internal gbmcbr network via USB
links to attached trays. These BMCs do not have a direct connection to
the network, and require the NCSI BMC to relay all of their traffic
(including DHCP) out opf the machine. This patch enables dhcrelay to run
on the NCSI interface and proxy all DHCP traffic from the bridge out of
the machine.
Change-Id: I60f97ae2d64289c7b706b3d0a6c8fb79a931e485
Signed-off-by: William A. Kennington III <wak@google.com>
diff --git a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in
index 938dca3..f712720 100644
--- a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in
+++ b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in
@@ -31,4 +31,10 @@
ip6 daddr fdb5:0481:10ce::/64 drop
ip6 saddr fdb5:0481:10ce::/64 drop
}
+ chain ncsi_dhcp_input {
+ type filter hook input priority 0; policy drop;
+ iifname != ncsigbmc accept
+ ip6 nexthdr icmpv6 accept
+ udp dport 547 accept
+ }
}