add working nft

This commit is contained in:
Nico Schottelius 2020-01-11 02:42:04 +01:00
parent 3825c7c210
commit c1cabb7220

View file

@ -0,0 +1,32 @@
flush ruleset
table bridge filter {
chain prerouting {
type filter hook prerouting priority 0;
policy accept;
ibrname br100 jump netpublic
}
chain netpublic {
iifname tap1 jump vm1
icmpv6 type {nd-router-solicit, nd-router-advert,
nd-neighbor-solicit, nd-neighbor-advert, nd-redirect } log
}
chain vm1 {
ether saddr != 02:00:f0:a9:c4:4e drop
}
}
table ip6 filter {
chain forward {
type filter hook forward priority 0;
# policy drop;
ct state established,related accept;
}
}