Gitiles
Code Review Sign In
gerrit.openbmc.org / stefanberger / openbmc / 7356f8ebcb6b0e4c06018c748b7c5771b41e007e / . / meta-google / recipes-google / networking / gbmc-bridge / 50-gbmc-br.rules
blob: 475cc02f9e752cf8875af5e544f9fe585caa2962 [file] [log] [blame]
William A. Kennington III832f02b2021-04-23 12:53:36 -0700[diff] [blame]1table bridge filter {
2 chain gbmc_br_prerouting {
3 type filter hook prerouting priority 0;
4 iifname != gbmcbr accept
5 # Sometimes our links are over NCSI and we don't want to broadcast
6 # those packets over the entire bridge. They are only relevant P2P.
7 ether type 0x88F8 drop
8 }
9}
10
11table inet filter {
12 chain gbmc_br_input {
13 type filter hook input priority 0; policy drop;
14 iifname != gbmcbr accept
15 jump gbmc_br_int_input
16 jump gbmc_br_pub_input
17 reject
18 }
William A. Kennington IIIcffcaa72021-09-08 13:06:00 -0700[diff] [blame]19 set gbmc_br_int_addrs {
20 type ipv6_addr;
21 flags interval
22 elements = {
23 ff00::/8,
24 fe80::/64,
25 fdb5:0481:10ce::/64,
26 }
27 }
William A. Kennington III832f02b2021-04-23 12:53:36 -0700[diff] [blame]28 chain gbmc_br_int_input {
William A. Kennington IIIcffcaa72021-09-08 13:06:00 -0700[diff] [blame]29 ip6 daddr @gbmc_br_int_addrs accept
30 ip6 saddr @gbmc_br_int_addrs accept
William A. Kennington III832f02b2021-04-23 12:53:36 -0700[diff] [blame]31 }
32 chain gbmc_br_pub_input {
33 ip6 nexthdr icmpv6 accept
34 }
35}