testnet/snp-daemon
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

allow inbound ARP for VMs

Browse Source
This commit is contained in:
ghe0 2025-03-12 20:16:04 +02:00
parent 4e6277aed7
commit 76e832a3f6
Signed by: ghe0
GPG Key ID: 451028EE56A0FBB4
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
scripts/start_qemu_vm.sh
View File

@ -24,6 +24,7 @@ add_nft_rules() {
nft add chain netdev deteemacvtap ${ifname}_ou "{ type filter hook egress device ${ifname} priority 0; policy accept; }" nft add chain netdev deteemacvtap ${ifname}_ou "{ type filter hook egress device ${ifname} priority 0; policy accept; }"
# return if the rules already exist # return if the rules already exist
nft list chain netdev deteemacvtap ${ifname}_in | grep ether && return 0 nft list chain netdev deteemacvtap ${ifname}_in | grep ether && return 0
nft add rule netdev deteemacvtap ${ifname}_in ether type arp accept
nft add rule netdev deteemacvtap ${ifname}_in ether daddr != ${vtap_addr} drop nft add rule netdev deteemacvtap ${ifname}_in ether daddr != ${vtap_addr} drop
nft list chain netdev deteemacvtap ${ifname}_ou | grep ether && return 0 nft list chain netdev deteemacvtap ${ifname}_ou | grep ether && return 0
nft add rule netdev deteemacvtap ${ifname}_ou ether saddr != ${vtap_addr} drop nft add rule netdev deteemacvtap ${ifname}_ou ether saddr != ${vtap_addr} drop