Merge pull request #4236 from opswill/current

T6918: Accept invalid PPPoE Session in stateful bridge firewall.
author: Daniil Baturin <daniil@vyos.io> 2024-12-18 11:17:33 +0000
committer: GitHub <noreply@github.com> 2024-12-18 11:17:33 +0000
commit: 60743702bf2f2c4bdbf7402baa4e66a1e4f8ec38 (patch)
tree: 1cda798f6d3f22c0e3f37710683ab0988fe71a9a /data/templates
parent: e0c6262a7e564f1be54020606ae32de74e9b016a (diff)
parent: 833d5866b69dc346d8127845f32ebdcf9b647e59 (diff)
download: vyos-1x-60743702bf2f2c4bdbf7402baa4e66a1e4f8ec38.tar.gz
vyos-1x-60743702bf2f2c4bdbf7402baa4e66a1e4f8ec38.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2
index 034328400..a35143870 100755
--- a/data/templates/firewall/nftables.j2
+++ b/data/templates/firewall/nftables.j2
@@ -382,6 +382,7 @@ table bridge vyos_filter {
 {%                 if 'invalid_connections' in global_options.apply_to_bridged_traffic %}
         ct state invalid udp sport 67 udp dport 68 counter accept
         ct state invalid ether type arp counter accept
+        ct state invalid ether type 0x8864 counter accept
 {%                 endif %}
 {%             endif %}
 {%             if global_options.state_policy is vyos_defined %}
@@ -445,4 +446,4 @@ table bridge vyos_filter {
         return
     }
 {% endif %}
-}
-\ No newline at end of file
+}
author	Daniil Baturin <daniil@vyos.io>	2024-12-18 11:17:33 +0000
committer	GitHub <noreply@github.com>	2024-12-18 11:17:33 +0000
commit	60743702bf2f2c4bdbf7402baa4e66a1e4f8ec38 (patch)
tree	1cda798f6d3f22c0e3f37710683ab0988fe71a9a /data/templates
parent	e0c6262a7e564f1be54020606ae32de74e9b016a (diff)
parent	833d5866b69dc346d8127845f32ebdcf9b647e59 (diff)
download	vyos-1x-60743702bf2f2c4bdbf7402baa4e66a1e4f8ec38.tar.gz vyos-1x-60743702bf2f2c4bdbf7402baa4e66a1e4f8ec38.zip