Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Install nftables and move the default conifuration in ebtables.filter… #16570

Closed
wants to merge 0 commits into from
Closed

Install nftables and move the default conifuration in ebtables.filter… #16570

wants to merge 0 commits into from

Conversation

Minkang-Tsai
Copy link

What I did
Replace the ebtables with nftables.

Why I did it
Nftables can configure the more detailed rule to filter packets.

How I verified it
Execute "nft list ruleset bridge" command

table bridge filter {
        chain INPUT {
                type filter hook input priority filter; policy accept;
        }

        chain FORWARD {
                type filter hook forward priority filter; policy accept;
                ether daddr 01:80:c2:00:00:00 counter packets 0 bytes 0 drop
                ether type arp counter packets 0 bytes 0 drop
                ether type vlan vlan type arp counter packets 0 bytes 0 drop
                icmpv6 type 135-136 icmpv6 code no-route counter packets 0 bytes 0 drop
                ether type vlan icmpv6 type 135-136 icmpv6 code no-route counter packets 0 bytes 0 drop
        }

        chain OUTPUT {
                type filter hook output priority filter; policy accept;
        }

        chain MCLAG_PORT_ISOLATION {
        }

        chain ND_LIST {
        }

        chain VLAN_ARP_LIST {
        }

        chain ARP_LIST {
        }
}

@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Sep 15, 2023
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: Minkang-Tsai (d8e13e4)
  • ✅ login: lguohan / name: Guohan Lu (cadc631)

@Minkang-Tsai
Copy link
Author

/easycla

lguohan
lguohan reviewed Sep 23, 2023
View reviewed changes
build_debian.sh Outdated Show resolved Hide resolved
prsunny
prsunny previously approved these changes Sep 26, 2023
View reviewed changes
Copy link
Contributor

@prsunny prsunny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, @yxieca for viz

@Minkang-Tsai Minkang-Tsai requested a review from yxieca September 27, 2023 01:35
lguohan
lguohan previously approved these changes Sep 28, 2023
View reviewed changes
@lguohan
Copy link
Collaborator

lguohan commented Nov 16, 2023

/azp run Azure.sonic-buildimage

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@Minkang-Tsai Minkang-Tsai requested a review from prsunny November 21, 2023 03:06
@puffc
Copy link
Contributor

puffc commented Jun 13, 2024

@Minkang-Tsai How about the ebtables rules in MCLAG? Are you going to raise a separated PR to replace ebtables with nftables?

@idle-meerkat
Copy link

@Minkang-Tsai How about the ebtables rules in MCLAG? Are you going to raise a separated PR to replace ebtables with nftables?

what issues do you expect?
debian already uses ebtables-nft backend by default.

@gord1306
Copy link

Hi @prsunny could you help to review this PR?

@prsunny
Copy link
Contributor

prsunny commented Jan 6, 2025

Could you resolve conflicts?

@mssonicbld
Copy link
Collaborator

/azp run Azure.sonic-buildimage

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lguohan lguohan lguohan approved these changes

@yxieca yxieca Awaiting requested review from yxieca

@prsunny prsunny Awaiting requested review from prsunny

Assignees
No one assigned
Labels
baseimage
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@Minkang-Tsai @lguohan @puffc @idle-meerkat @gord1306 @prsunny @mssonicbld @yxieca