From 21c086b83b8f8b9b22dace2bdcf11f2cecfc512f Mon Sep 17 00:00:00 2001
From: Yuxiao Zhang <yuxiaozhang@google.com>
Date: Wed, 21 Jun 2023 10:23:53 -0700
Subject: meta-google: gbmc-bridge: Fix nftable rule set

Seems that nftable cannot jump to a chain that doesn't in its own file.

Change-Id: I4d8c0cd804afddaae7ae5e94b5db1266b149fb55
Signed-off-by: Yuxiao Zhang <yuxiaozhang@google.com>
---
 .../networking/gbmc-bridge/50-gbmc-br-cn-redirect.rules             | 6 ------
 meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules  | 3 ++-
 2 files changed, 2 insertions(+), 7 deletions(-)

(limited to 'meta-google')

diff --git a/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br-cn-redirect.rules b/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br-cn-redirect.rules
index 61e8b44237..e0bae575ca 100644
--- a/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br-cn-redirect.rules
+++ b/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br-cn-redirect.rules
@@ -22,9 +22,3 @@ table inet raw {
         tcp sport 10168 tcp sport set 10166 notrack
     }
 }
-
-table inet filter {
-    chain gbmc_br_redir_input {
-        mark 0xff drop
-    }
-}
diff --git a/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules b/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules
index 5bc58f0a2f..72dde392e7 100644
--- a/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules
+++ b/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules
@@ -12,8 +12,8 @@ table inet filter {
   chain gbmc_br_input {
     type filter hook input priority 0; policy drop;
     iifname != gbmcbr accept
+    mark 0xff drop
     ct state established accept
-    jump gbmc_br_redir_input
     jump gbmc_br_int_input
     jump gbmc_br_pub_input
     reject
@@ -35,3 +35,4 @@ table inet filter {
     ip6 nexthdr icmpv6 accept
   }
 }
+
-- 
cgit v1.2.3