From 5ba6d08d7f49d26ae466f6d826ed1d849972ad59 Mon Sep 17 00:00:00 2001
From: "William A. Kennington III" <wak@google.com>
Date: Wed, 10 Mar 2021 19:24:22 -0800
Subject: meta-google: gbmc-systemd-config: Enable packet forwarding

This allows gBMCs to route packets, needed for routing packets to the
management netowrk.

Change-Id: I71f59eeb12607aa9c9d64687fb983938d5d69413
Signed-off-by: William A. Kennington III <wak@google.com>
---
 meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'meta-google/recipes-google/ncsi')

diff --git a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in
index 4ebe35128..70f14ae59 100644
--- a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in
+++ b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in
@@ -24,4 +24,11 @@ table inet filter {
         icmpv6 type nd-neighbor-solicit accept
         icmpv6 type nd-router-advert accept
     }
+    chain ncsi_forward {
+        type filter hook forward priority 0; policy accept;
+        iifname != @NCSI_IF@ accept
+        oifname != gbmcbr drop
+        ip6 daddr fdb5:0481:10ce::/64 drop
+        ip6 saddr fdb5:0481:10ce::/64 drop
+    }
 }
-- 
cgit v1.2.3