nils/gluon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

gluon-ebtables-filter-multicast: do not filter out Bridge Loop Avoidance

Browse Source 
batman-adv uses gratuitous ARP packets with certain target addresses for
BLA.

Fixes #1198
This commit is contained in:
Matthias Schiffer 2017-12-27 16:50:54 +01:00
parent 35237c2ca1
commit f799518194
No known key found for this signature in database
GPG Key ID: 16EF3F64CB201D9C
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-arp
View File

@ -1,3 +1,7 @@
# Bridge loop avoidance
rule 'MULTICAST_OUT -p ARP --arp-opcode Reply --arp-gratuitous --arp-mac-dst ff:43:05:00:00:00/ff:ff:ff:fc:00:00 -j RETURN'
rule 'MULTICAST_OUT -p ARP --arp-opcode Reply --arp-gratuitous --arp-mac-dst ff:43:05:05:00:00/ff:ff:ff:ff:00:00 -j RETURN'
rule 'MULTICAST_OUT -p ARP --arp-opcode Reply --arp-ip-src 0.0.0.0 -j DROP' rule 'MULTICAST_OUT -p ARP --arp-opcode Reply --arp-ip-src 0.0.0.0 -j DROP'
rule 'MULTICAST_OUT -p ARP --arp-opcode Request --arp-ip-dst 0.0.0.0 -j DROP' rule 'MULTICAST_OUT -p ARP --arp-opcode Request --arp-ip-dst 0.0.0.0 -j DROP'
rule 'MULTICAST_OUT -p ARP -j RETURN' rule 'MULTICAST_OUT -p ARP -j RETURN'