freifunk-franken
/
firmware
9
7
Fork 13
Code Issues 48 Pull Requests 7 Releases 17 Wiki Activity
firmware/src/packages/fff/fff-node/files/usr/lib/firewall.d/40-local-node

31 lines
1.1 KiB
Plaintext
Raw Blame History

nft -f - <<__EOF
table bridge filter {
chain INPUT {
# No input from/to local node ip from batman
# -p IPv6 -i bat0 --logical-in br-client --ip6-src fdff::1 -j DROP
iifname "bat0" ibrname "br-client" ether type ip6 ip6 saddr fdff::1 counter drop
# -p IPv6 -i bat0 --logical-in br-client --ip6-dst fdff::1 -j DROP
iifname "bat0" ibrname "br-client" ether type ip6 ip6 daddr fdff::1 counter drop
}
chain FORWARD {
# Do not forward local node ip
# -p IPv6 --logical-out br-client -o bat0 --ip6-dst fdff::1 -j DROP
oifname "bat0" obrname "br-client" ether type ip6 ip6 daddr fdff::1 counter drop
# -p IPv6 --logical-out br-client -o bat0 --ip6-src fdff::1 -j DROP
oifname "bat0" obrname "br-client" ether type ip6 ip6 saddr fdff::1 counter drop
}
chain OUTPUT {
# Do not output local node ip to batman
# -p IPv6 --logical-out br-client -o bat0 --ip6-dst fdff::1 -j DROP
oifname "bat0" obrname "br-client" ether type ip6 ip6 daddr fdff::1 counter drop
# -p IPv6 --logical-out br-client -o bat0 --ip6-src fdff::1 -j DROP
oifname "bat0" obrname "br-client" ether type ip6 ip6 saddr fdff::1 counter drop
}
}
__EOF
Reference in New Issue View Git Blame Copy Permalink