[PATCH] bridge: Support nf_call_{ip,ip6,arp}tables attributes
Etienne Champetier
champetier.etienne at gmail.com
Tue Sep 13 17:24:09 PDT 2022
Hi Maximilian
On Tue, Sep 13, 2022, 17:23, Maximilian Riemensberger
<riemensberger at cadami.net> wrote:
>
> The bridge driver allows passing bridged frames to netfilter. Add
> bridge config options nf_call_iptables, nf_call_ip6tables,
> nf_call_arptables to opt in.
You should have a look at using nftables instead,
no need for those coarse-grained options and way more flexible / powerful.
https://wiki.nftables.org/wiki-nftables/index.php/Bridge_filtering
Here is an example of switching from iptables + br_netfilter to nftables +
table bridge:
https://github.com/nccgroup/phantap/commit/b066ce2c2bb21038958a117b3b67413e9a0ea0a3
https://github.com/openwrt/packages/commit/66b7c19992688b924d2ecbbbc20781b32a82452f
Etienne