Gitiles
Code Review Sign In
gerrit.openbmc.org / mdmillerii / openbmc / ee5dd4aec18d222f499569ab464549d7cc674d86 / . / meta-google / recipes-google / networking / gbmc-bridge / 50-gbmc-br.rules
blob: 9d82e6101469e3c7787cc5784c0e1cac539f9f93 [file] [log] [blame]
William A. Kennington III832f02b2021-04-23 12:53:36 -0700[diff] [blame]1table bridge filter {
2 chain gbmc_br_prerouting {
3 type filter hook prerouting priority 0;
4 iifname != gbmcbr accept
5 # Sometimes our links are over NCSI and we don't want to broadcast
6 # those packets over the entire bridge. They are only relevant P2P.
7 ether type 0x88F8 drop
8 }
9}
10
11table inet filter {
12 chain gbmc_br_input {
13 type filter hook input priority 0; policy drop;
14 iifname != gbmcbr accept
Yuxiao Zhang861ed8f2023-04-19 14:21:26 -0700[diff] [blame]15 ct state established accept
William A. Kennington III832f02b2021-04-23 12:53:36 -0700[diff] [blame]16 jump gbmc_br_int_input
17 jump gbmc_br_pub_input
18 reject
19 }
William A. Kennington IIIcffcaa72021-09-08 13:06:00 -0700[diff] [blame]20 set gbmc_br_int_addrs {
21 type ipv6_addr;
22 flags interval
23 elements = {
24 ff00::/8,
25 fe80::/64,
26 fdb5:0481:10ce::/64,
27 }
28 }
William A. Kennington III832f02b2021-04-23 12:53:36 -0700[diff] [blame]29 chain gbmc_br_int_input {
William A. Kennington IIIcffcaa72021-09-08 13:06:00 -0700[diff] [blame]30 ip6 daddr @gbmc_br_int_addrs accept
31 ip6 saddr @gbmc_br_int_addrs accept
William A. Kennington III832f02b2021-04-23 12:53:36 -0700[diff] [blame]32 }
33 chain gbmc_br_pub_input {
34 ip6 nexthdr icmpv6 accept
35 }
36}