24 lines
969 B
Plaintext
24 lines
969 B
Plaintext
nft -f - <<__EOF
|
|
table bridge filter {
|
|
chain INPUT {
|
|
# Erlaube nur Router-Advertisment von BATMAN -> KNOTEN
|
|
# -p IPv6 --ip6-proto ipv6-icmp --ip6-icmp-type router-advertisement -j IN_ONLY
|
|
ether type ip6 ip6 nexthdr icmpv6 icmpv6 type nd-router-advert counter jump IN_ONLY
|
|
|
|
# Verbiete Router-Solicitation von BATMAN -> KNOTEN
|
|
# -p IPv6 -i bat0 --ip6-proto ipv6-icmp --ip6-icmp-type router-solicitation -j DROP
|
|
iifname "bat0" ether type ip6 ip6 nexthdr icmpv6 icmpv6 type nd-router-solicit counter drop
|
|
}
|
|
|
|
chain OUTPUT {
|
|
# Erlaube nur Router-Solicitation von KNOTEN -> BATMAN
|
|
# -p IPv6 --ip6-proto ipv6-icmp --ip6-icmp-type router-solicitation -j OUT_ONLY
|
|
ether type ip6 icmpv6 type nd-router-solicit counter jump OUT_ONLY
|
|
|
|
# Verbiete Router-Advertisment von KNOTEN -> BATMAN
|
|
# -p IPv6 -o bat0 --ip6-proto ipv6-icmp --ip6-icmp-type router-advertisement -j DROP
|
|
oifname "bat0" ether type ip6 icmpv6 type nd-router-advert counter drop
|
|
}
|
|
}
|
|
__EOF
|