20 lines
545 B
Plaintext
20 lines
545 B
Plaintext
nft -f - <<__EOF
|
|
table bridge filter {
|
|
chain MULTICAST_OUT {
|
|
# Erlaube DHCPv6 Requests
|
|
# -p IPv6 --ip6-proto udp --ip6-dport 547 -j RETURN
|
|
ether type ip6 udp dport 547 counter return
|
|
}
|
|
|
|
chain FORWARD {
|
|
# Erlaube nur DHCPv6 Request von CLIENT -> BATMAN
|
|
# -p IPv6 --ip6-proto udp --ip6-dport 547 -j OUT_ONLY
|
|
ether type ip6 udp dport 547 counter jump OUT_ONLY
|
|
|
|
# Erlaube nur DHCPv6 Antworten von BATMAN -> CLIENT
|
|
# -p IPv6 --ip6-proto udp --ip6-dport 546 -j IN_ONLY
|
|
ether type ip6 udp dport 546 counter jump IN_ONLY
|
|
}
|
|
}
|
|
__EOF
|