forked from freifunk-franken/firmware
31 lines
1.0 KiB
Plaintext
31 lines
1.0 KiB
Plaintext
nft -f - <<__EOF
|
|
table bridge filter {
|
|
chain INPUT {
|
|
# No input from/to local node ip from batman
|
|
|
|
# -p IPv6 -i bat0 --logical-in br-client --ip6-src fdff::1 -j DROP
|
|
iifname "bat0" ether type ip6 ip6 saddr fdff::1 counter drop
|
|
# -p IPv6 -i bat0 --logical-in br-client --ip6-dst fdff::1 -j DROP
|
|
iifname "bat0" ether type ip6 ip6 daddr fdff::1 counter drop
|
|
}
|
|
|
|
chain FORWARD {
|
|
# Do not forward local node ip
|
|
|
|
# -p IPv6 --logical-out br-client -o bat0 --ip6-dst fdff::1 -j DROP
|
|
oifname "bat0" ether type ip6 ip6 daddr fdff::1 counter drop
|
|
# -p IPv6 --logical-out br-client -o bat0 --ip6-src fdff::1 -j DROP
|
|
oifname "bat0" ether type ip6 ip6 saddr fdff::1 counter drop
|
|
}
|
|
|
|
chain OUTPUT {
|
|
# Do not output local node ip to batman
|
|
|
|
# -p IPv6 --logical-out br-client -o bat0 --ip6-dst fdff::1 -j DROP
|
|
oifname "bat0" ether type ip6 ip6 daddr fdff::1 counter drop
|
|
# -p IPv6 --logical-out br-client -o bat0 --ip6-src fdff::1 -j DROP
|
|
oifname "bat0" ether type ip6 ip6 saddr fdff::1 counter drop
|
|
}
|
|
}
|
|
__EOF
|