blob: e2ade6e5bc93c9c6246b838ed85b38e18d33fb99 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
table inet filter {
chain ncsi_input {
type filter hook input priority 0; policy drop;
iifname != @NCSI_IF@ accept
ct state established accept
ip6 daddr ff00::/8 goto ncsi_brd_input
ip6 daddr fe80::/64 goto ncsi_legacy_input
}
chain ncsi_gbmc_br_pub_input {
jump gbmc_br_pub_input
jump ncsi_legacy_input
reject
}
chain gbmc_br_pub_input {
}
chain ncsi_legacy_input {
jump ncsi_brd_input
tcp dport 3959 accept
udp dport 3959 accept
tcp dport 3967 accept
udp dport 3967 accept
}
chain ncsi_brd_input {
icmpv6 type nd-neighbor-advert accept
icmpv6 type nd-neighbor-solicit accept
icmpv6 type nd-router-advert accept
}
chain ncsi_forward {
type filter hook forward priority 0; policy drop;
iifname != @NCSI_IF@ accept
oifname != gbmcbr drop
ip6 daddr fdb5:0481:10ce::/64 drop
ip6 saddr fdb5:0481:10ce::/64 drop
}
chain ncsi_dhcp_input {
type filter hook input priority 0; policy drop;
iifname != ncsigbmc accept
ip6 nexthdr icmpv6 accept
udp dport 547 accept
}
}
|