Setup filter for VRRP vmac interfaces

author: John Southworth <john.southworth@vyatta.com> 2011-12-12 15:17:28 -0800
committer: John Southworth <john.southworth@vyatta.com> 2011-12-12 15:17:28 -0800
commit: 6dcfe8743593a9035bb477530f5cbaba354403bd (patch)
tree: 2f9fd1028babed94a07360ac9f1237fe4e9af2cf /scripts/firewall
parent: 5064deb9df0a30f88b899fc18eb1cd62fc8cddf0 (diff)
download: vyatta-cfg-firewall-6dcfe8743593a9035bb477530f5cbaba354403bd.tar.gz
vyatta-cfg-firewall-6dcfe8743593a9035bb477530f5cbaba354403bd.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in
index 07c32f8..bcc23ba 100644
--- a/scripts/firewall/firewall.init.in
+++ b/scripts/firewall/firewall.init.in
@@ -48,6 +48,12 @@ start () {
     for mod in ${modules[@]} ; do 
 	modprobe --syslog $mod
     done
+    # setup vrrp backup transition chain
+    # we need to filter traffic to the vrrp mac addresses
+    # on the vrrp backup router before we do anything else.
+    iptables -t raw -N VYATTA_VRRP_FILTER
+    iptables -t raw -A VYATTA_VRRP_FILTER -j RETURN
+    iptables -t raw -A PREROUTING -j VYATTA_VRRP_FILTER
 
     # set up notrack chains/rules for IPv4
     # by default, nothing is tracked.
author	John Southworth <john.southworth@vyatta.com>	2011-12-12 15:17:28 -0800
committer	John Southworth <john.southworth@vyatta.com>	2011-12-12 15:17:28 -0800
commit	6dcfe8743593a9035bb477530f5cbaba354403bd (patch)
tree	2f9fd1028babed94a07360ac9f1237fe4e9af2cf /scripts/firewall
parent	5064deb9df0a30f88b899fc18eb1cd62fc8cddf0 (diff)
download	vyatta-cfg-firewall-6dcfe8743593a9035bb477530f5cbaba354403bd.tar.gz vyatta-cfg-firewall-6dcfe8743593a9035bb477530f5cbaba354403bd.zip