From 8d37804bf74dbe2a57d114bc302130e01900ff10 Mon Sep 17 00:00:00 2001
From: John Southworth <john.southworth@vyatta.com>
Date: Tue, 27 Dec 2011 10:31:57 -0800
Subject: Create VRRP output filter to filter IGMP from vmac interfaces

---
 scripts/firewall/firewall.init.in | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'scripts/firewall')

diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in
index bcc23ba..8b35876 100644
--- a/scripts/firewall/firewall.init.in
+++ b/scripts/firewall/firewall.init.in
@@ -55,6 +55,11 @@ start () {
     iptables -t raw -A VYATTA_VRRP_FILTER -j RETURN
     iptables -t raw -A PREROUTING -j VYATTA_VRRP_FILTER
 
+    iptables -t raw -N VYATTA_VRRP_OUTPUT_FILTER
+    iptables -t raw -A VYATTA_VRRP_OUTPUT_FILTER -j RETURN
+    iptables -t raw -I OUTPUT -j VYATTA_VRRP_OUTPUT_FILTER
+
+
     # set up notrack chains/rules for IPv4
     # by default, nothing is tracked.
     iptables -t raw -N VYATTA_CT_PREROUTING_HOOK
-- 
cgit v1.2.3