uncloud-mravi/uncloud/hack/hackcloud/nftrules

flush ruleset

table bridge filter {
       chain prerouting {
                type filter hook prerouting priority 0;
                policy accept;
                ibrname br100 jump netpublic
                }
       chain netpublic {

             iifname tap1 jump vm1

             icmpv6 type {nd-router-solicit, nd-router-advert,
       nd-neighbor-solicit, nd-neighbor-advert, nd-redirect } log

       }
       chain vm1 {
             ether saddr != 02:00:f0:a9:c4:4e drop
       }
}

table ip6 filter {
        chain forward {
                type filter hook forward priority 0;

       #         policy drop;

                ct state established,related accept;

        }

}
add working nft 2020-01-11 01:42:04 +00:00			`flush ruleset`

			`table bridge filter {`
			`chain prerouting {`
			`type filter hook prerouting priority 0;`
			`policy accept;`
			`ibrname br100 jump netpublic`
			`}`
			`chain netpublic {`

			`iifname tap1 jump vm1`

			`icmpv6 type {nd-router-solicit, nd-router-advert,`
			`nd-neighbor-solicit, nd-neighbor-advert, nd-redirect } log`

			`}`
			`chain vm1 {`
			`ether saddr != 02:00:f0:a9:c4:4e drop`
			`}`
			`}`

			`table ip6 filter {`
			`chain forward {`
			`type filter hook forward priority 0;`

			`# policy drop;`

			`ct state established,related accept;`

			`}`

			`}`