diff options
| author | Daniil Baturin <daniil@vyos.io> | 2025-06-02 10:42:53 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-06-02 10:42:53 +0100 |
| commit | 474f367604c3f2471b295ab5702a103e62a41313 (patch) | |
| tree | b4145abede261cbd6b214346a04d77a12e2eea58 /data | |
| parent | b8cd453177feebc44aee53657bfd2bbcea7a8d66 (diff) | |
| parent | ba6f88830e3075c32438787fa897116e0233e086 (diff) | |
| download | vyos-1x-474f367604c3f2471b295ab5702a103e62a41313.tar.gz vyos-1x-474f367604c3f2471b295ab5702a103e62a41313.zip | |
Merge pull request #4539 from indrajitr/firewall-bridge-vlan-aware
T7512: firewall: Modify accepting invalid traffic for VLAN aware bridge
Diffstat (limited to 'data')
| -rwxr-xr-x | data/templates/firewall/nftables.j2 | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2 index a78119a80..f5cd801e4 100755 --- a/data/templates/firewall/nftables.j2 +++ b/data/templates/firewall/nftables.j2 @@ -414,6 +414,8 @@ table bridge vyos_filter { {% if 'invalid_connections' in global_options.apply_to_bridged_traffic %} ct state invalid udp sport 67 udp dport 68 counter accept ct state invalid ether type arp counter accept + ct state invalid ether type 8021q counter accept + ct state invalid ether type 8021ad counter accept ct state invalid ether type 0x8864 counter accept {% endif %} {% endif %} |