author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2023-09-05 14:51:16 +0200 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2023-09-06 00:57:28 +0200 |
commit | 2ee8d0eef88acab60b42d0424c034414de47bddd (patch) | |
tree | 59ef81f7d93d8f9e797c2e2e8a90d1472872c900 /data/vyos-firewall-init.conf | |
parent | 435af27787160079cc4074c1257ba7191bc60380 (diff) | |
download | vyos-1x-2ee8d0eef88acab60b42d0424c034414de47bddd.tar.gz vyos-1x-2ee8d0eef88acab60b42d0424c034414de47bddd.zip |
interface: T5550: Interface source-validation priority over global value
- Migrate IPv4 source-validation to nftables
- Interface source-validation value takes priority, fallback to global value
Diffstat (limited to 'data/vyos-firewall-init.conf')
-rw-r--r-- | data/vyos-firewall-init.conf | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/data/vyos-firewall-init.conf b/data/vyos-firewall-init.conf
index 41e7627f5..b0026fdf3 100644
--- a/data/vyos-firewall-init.conf
+++ b/data/vyos-firewall-init.conf
@@ -19,6 +19,15 @@ table raw {
 type filter hook forward priority -300; policy accept;
 }
 
+ chain vyos_global_rpfilter {
+ return
+ }
+
+ chain vyos_rpfilter {
+ type filter hook prerouting priority -300; policy accept;
+ counter jump vyos_global_rpfilter
+ }
+
 chain PREROUTING {
 type filter hook prerouting priority -300; policy accept;
 counter jump VYOS_CT_IGNORE
@@ -82,8 +91,13 @@ table ip6 raw {
 type filter hook forward priority -300; policy accept;
 }
 
+ chain vyos_global_rpfilter {
+ return
+ }
+
 chain vyos_rpfilter {
 type filter hook prerouting priority -300; policy accept;
+ counter jump vyos_global_rpfilter
 }
 
 chain PREROUTING { |
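Review bot: The new `vyos_global_rpfilter` chain in `table raw` contains only `return` and carries no comment, so this file does not show that source validation is a no-op until something else fills the chain in; the `table ip6 raw` hunk has the same gap. A comment above each chain, such as `# placeholder, populated by the firewall config with the global source-validation rule; empty means no reverse-path check`, would make that fail-open default explicit. Because the commit moves IPv4 source validation into nftables, it is worth confirming that the window between loading this file and the first config apply is still covered, presumably by the kernel rp_filter sysctl default. The added `vyos_rpfilter` base chain also shares `hook prerouting priority -300` with `PREROUTING` in the same table, and the order of two base chains at equal priority is not stated by the ruleset, so either a distinct priority or a comment on the intended order relative to `VYOS_CT_IGNORE` would help.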