Gitiles
Code Review Sign In
gerrit.openbmc.org / mdmillerii / openbmc / cf1e7270226fd27f72d9c70caf422376a8a14404 / . / meta-google / recipes-google / ncsi / files / 50-gbmc-ncsi.rules.in
blob: 938dca34bec5e5f2c9400ad9178217ab95555fb5 [file] [log] [blame]
William A. Kennington IIIafe167d2021-02-08 20:07:49 -0800[diff] [blame]1table inet filter {
2 chain ncsi_input {
3 type filter hook input priority 0; policy drop;
4 iifname != @NCSI_IF@ accept
5 ct state established accept
William A. Kennington III1ef795b2021-03-10 18:59:12 -0800[diff] [blame]6 ip6 daddr ff00::/8 goto ncsi_brd_input
7 ip6 daddr fe80::/64 goto ncsi_legacy_input
8 }
9 chain ncsi_gbmc_br_pub_input {
10 jump gbmc_br_pub_input
11 reject
12 }
13 chain gbmc_br_pub_input {
14 }
15 chain ncsi_legacy_input {
16 jump ncsi_brd_input
William A. Kennington IIIafe167d2021-02-08 20:07:49 -0800[diff] [blame]17 tcp dport 3959 accept
18 udp dport 3959 accept
19 tcp dport 3967 accept
20 udp dport 3967 accept
William A. Kennington III1ef795b2021-03-10 18:59:12 -0800[diff] [blame]21 }
22 chain ncsi_brd_input {
William A. Kennington IIIafe167d2021-02-08 20:07:49 -0800[diff] [blame]23 icmpv6 type nd-neighbor-advert accept
24 icmpv6 type nd-neighbor-solicit accept
25 icmpv6 type nd-router-advert accept
26 }
William A. Kennington III5ba6d082021-03-10 19:24:22 -0800[diff] [blame]27 chain ncsi_forward {
William A. Kennington IIIcf1e7272021-05-12 00:57:41 -0700[diff] [blame^]28 type filter hook forward priority 0; policy drop;
William A. Kennington III5ba6d082021-03-10 19:24:22 -0800[diff] [blame]29 iifname != @NCSI_IF@ accept
30 oifname != gbmcbr drop
31 ip6 daddr fdb5:0481:10ce::/64 drop
32 ip6 saddr fdb5:0481:10ce::/64 drop
33 }
William A. Kennington IIIafe167d2021-02-08 20:07:49 -0800[diff] [blame]34}