diff options
Diffstat (limited to 'meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in')
| -rw-r--r-- | meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in index 33031f0db..4ebe35128 100644 --- a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in +++ b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in @@ -3,10 +3,23 @@ table inet filter { type filter hook input priority 0; policy drop; iifname != @NCSI_IF@ accept ct state established accept + ip6 daddr ff00::/8 goto ncsi_brd_input + ip6 daddr fe80::/64 goto ncsi_legacy_input + } + chain ncsi_gbmc_br_pub_input { + jump gbmc_br_pub_input + reject + } + chain gbmc_br_pub_input { + } + chain ncsi_legacy_input { + jump ncsi_brd_input tcp dport 3959 accept udp dport 3959 accept tcp dport 3967 accept udp dport 3967 accept + } + chain ncsi_brd_input { icmpv6 type nd-neighbor-advert accept icmpv6 type nd-neighbor-solicit accept icmpv6 type nd-router-advert accept |