diff options
Diffstat (limited to 'data/templates/firewall/nftables.j2')
| -rwxr-xr-x | data/templates/firewall/nftables.j2 | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2 index 155b7f4d0..034328400 100755 --- a/data/templates/firewall/nftables.j2 +++ b/data/templates/firewall/nftables.j2 @@ -376,8 +376,14 @@ table bridge vyos_filter { {% if bridge.output is vyos_defined %} {% for prior, conf in bridge.output.items() %} - chain VYOS_OUTUT_{{ prior }} { + chain VYOS_OUTPUT_{{ prior }} { type filter hook output priority {{ prior }}; policy accept; +{% if global_options.apply_to_bridged_traffic is vyos_defined %} +{% if 'invalid_connections' in global_options.apply_to_bridged_traffic %} + ct state invalid udp sport 67 udp dport 68 counter accept + ct state invalid ether type arp counter accept +{% endif %} +{% endif %} {% if global_options.state_policy is vyos_defined %} jump VYOS_STATE_POLICY {% endif %} |