From 76e832a3f60df4554fca9905798382274a26f0eb Mon Sep 17 00:00:00 2001
From: ghe0 <gheorghe@gheo.tech>
Date: Wed, 12 Mar 2025 20:16:04 +0200
Subject: [PATCH] allow inbound ARP for VMs

---
 scripts/start_qemu_vm.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/start_qemu_vm.sh b/scripts/start_qemu_vm.sh
index 47c5eba..566b8a2 100755
--- a/scripts/start_qemu_vm.sh
+++ b/scripts/start_qemu_vm.sh
@@ -24,6 +24,7 @@ add_nft_rules() {
   nft add chain netdev deteemacvtap ${ifname}_ou "{ type filter hook egress device ${ifname} priority 0; policy accept; }"
   # return if the rules already exist
   nft list chain netdev deteemacvtap ${ifname}_in | grep ether && return 0
+  nft add rule netdev deteemacvtap ${ifname}_in ether type arp accept
   nft add rule netdev deteemacvtap ${ifname}_in ether daddr != ${vtap_addr} drop
   nft list chain netdev deteemacvtap ${ifname}_ou | grep ether && return 0
   nft add rule netdev deteemacvtap ${ifname}_ou ether saddr != ${vtap_addr} drop