fff-node: apply firewall rules to br-client only #318

Closed

fbl wants to merge 1 commits from fbl/firmware:nft-fix into master

pull from: fbl/firmware:nft-fix

merge into: freifunk-franken:master

freifunk-franken:master

freifunk-franken:0.5.x

Conversation 1 Commits 1 Files Changed 3 +13 -12

fbl commented 2024-03-11 23:48:01 +01:00

Owner

Copy Link

When switching from ebtables to nftables, the --logical-in and
--logical-out selectors of some rules were missed. This might have been
caused by kmod-nft-bridge not being installed, which is required for the
ibrname and obrname selectors, so it is possible that the migration
(using ebtables-nft) did not apply these selectors.

Add the ibrname and obrname selectors and add the required kernel
module.

Fixes: #315

When switching from ebtables to nftables, the --logical-in and --logical-out selectors of some rules were missed. This might have been caused by kmod-nft-bridge not being installed, which is required for the ibrname and obrname selectors, so it is possible that the migration (using ebtables-nft) did not apply these selectors. Add the ibrname and obrname selectors and add the required kernel module. Fixes: #315

fbl added this to the 20240401-beta milestone 2024-03-11 23:48:01 +01:00

fbl added the

node

label 2024-03-11 23:48:01 +01:00

fbl added 1 commit 2024-03-11 23:48:01 +01:00

7efaa780f8 fff-node: apply firewall rules to br-client only ...

When switching from ebtables to nftables, the --logical-in and
--logical-out selectors of some rules were missed. This might have been
caused by kmod-nft-bridge not being installed, which is required for the
ibrname and obrname selectors, so it is possible that the migration
(using ebtables-nft) did not apply these selectors.

Add the ibrname and obrname selectors and add the required kernel
module.

Fixes: #315
Fixes: 157fa4eac5 ("fff-firewall: Switch from ip/ebtables to nftables")

Reported-by: Robert Langhammer <rlanghammer@web.de>
Signed-off-by: Fabian Bläse <fabian@blaese.de>

rohammer reviewed 2024-03-12 11:49:34 +01:00

rohammer left a comment

Member

Copy Link

Patch tut.

Tested-by: Robert Langhammer rlanghammer@web.de

Patch tut. Tested-by: Robert Langhammer <rlanghammer@web.de>

fbl commented 2024-03-21 21:57:04 +01:00

Author

Owner

Copy Link

Applied.

Applied.

fbl closed this pull request 2024-03-21 21:57:04 +01:00

Some checks are pending

ci/woodpecker/pull_request_closed/woodpecker Pipeline is pending

Details

Pull request closed

Please reopen this pull request to perform a merge.

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

RFC

  

RFT

  

WIP

  

blocked

  

bsp

touching bsp files or adding devices

  

bug

Something is not working

  

build/scripts/tools

touching buildscript or other tools

  

duplicate

This issue or pull request already exists

  

feature

New feature

  

fixed

Issue that got resolved

  

layer3

only for layer3 FW

  

mantis

Imported from mantis

  

more details required

Reported information is insufficient to debug the issue

  

needs changes

  

node

only for node FW

  

packages/fff

touching our packages

  

rejected

Rejected or won't fix

  

security

  

trivial

simple non-functional changes that are mostly matter of taste

  

upstream

touching upstream version, build or feed patches

No Label

RFC

RFT

WIP

blocked

bsp

bug

build/scripts/tools

duplicate

feature

fixed

layer3

mantis

more details required

needs changes

node

packages/fff

rejected

security

trivial

upstream

Milestone

Clear milestone

No items

No Milestone

20240401-beta

Assignees

Clear assignees

No Assignees

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: freifunk-franken/firmware#318

No description provided.