diff options
| author | John Southworth <john.southworth@vyatta.com> | 2011-12-27 10:31:57 -0800 |
|---|---|---|
| committer | John Southworth <john.southworth@vyatta.com> | 2011-12-27 10:31:57 -0800 |
| commit | 8d37804bf74dbe2a57d114bc302130e01900ff10 (patch) | |
| tree | a97da421497ff2a98b88d9fbb5c1939f5d9d8ff1 | |
| parent | 1b9deeac0059afe73fb1379cc69e96d8359f9cc9 (diff) | |
| download | vyatta-cfg-firewall-8d37804bf74dbe2a57d114bc302130e01900ff10.tar.gz vyatta-cfg-firewall-8d37804bf74dbe2a57d114bc302130e01900ff10.zip | |
Create VRRP output filter to filter IGMP from vmac interfaces
| -rw-r--r-- | scripts/firewall/firewall.init.in | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in index bcc23ba..8b35876 100644 --- a/scripts/firewall/firewall.init.in +++ b/scripts/firewall/firewall.init.in @@ -55,6 +55,11 @@ start () { iptables -t raw -A VYATTA_VRRP_FILTER -j RETURN iptables -t raw -A PREROUTING -j VYATTA_VRRP_FILTER + iptables -t raw -N VYATTA_VRRP_OUTPUT_FILTER + iptables -t raw -A VYATTA_VRRP_OUTPUT_FILTER -j RETURN + iptables -t raw -I OUTPUT -j VYATTA_VRRP_OUTPUT_FILTER + + # set up notrack chains/rules for IPv4 # by default, nothing is tracked. iptables -t raw -N VYATTA_CT_PREROUTING_HOOK |