# Bridge-family classifier: records the ingress interface of each frame in the
# packet mark. The inet raw table in this file matches on these values.
table bridge filter {
    chain gbmcbr_mark {
        type filter hook prerouting priority -300;

        # One mark value per ingress interface; `return` stops evaluating this
        # chain once the frame has been tagged.
        # NOTE(review): `mark set` replaces the whole mark rather than a masked
        # bit, so this presumably assumes no other subsystem uses marks 1/2
        # for its own purposes. Confirm.
        meta iifname "cn0" meta mark set 0x1 return
        meta iifname "cn1" meta mark set 0x2 return
    }
}
# Stateless TCP port translation. Clients connect to 10166; the mark already on
# the packet selects which local port (10167 or 10168) the connection is
# steered to. Every rewrite is paired with `notrack`, so conntrack keeps no
# state and each direction depends entirely on the rules below.
table inet raw {
    chain gbmcbr_nat_input {
        # Priority -300 runs ahead of conntrack, which `notrack` requires.
        type filter hook prerouting priority -300;

        # 10166 is the only port clients are meant to use. A packet that
        # arrives already addressed to 10167-10168 is tagged 0xff (replacing
        # any earlier mark) so that it can be dropped later on the input path.
        # This rule must stay ahead of the rewrites: it tests the destination
        # port as received, so translated packets keep mark 1 or 2 and are
        # not tagged.
        tcp dport 10167-10168 meta mark set 0xff

        # Translate the public port according to the existing mark.
        meta mark 0x1 tcp dport 10166 tcp dport set 10167 notrack
        meta mark 0x2 tcp dport 10166 tcp dport set 10168 notrack
    }

    chain gbmcbr_nat_output {
        type filter hook output priority -300;

        # Return path: locally generated segments sourced from either service
        # port are rewritten to source port 10166. The match is on source port
        # only; no interface or mark is checked.
        tcp sport 10167 tcp sport set 10166 notrack
        tcp sport 10168 tcp sport set 10166 notrack
    }
}
table inet filter {
    # Regular chain: it has no `type ... hook` line, so it is evaluated only
    # when another chain jumps or gotos here. That caller is not in this file.
    # NOTE(review): the block on direct access to 10167-10168 is enforced only
    # if the input path actually reaches this chain. Verify in the loaded
    # ruleset.
    chain gbmc_br_redir_input {
        # Exact-value match on the 0xff tag set in `inet raw`; a packet whose
        # mark is changed in between would not be dropped here.
        meta mark 0xff drop
    }
}