netfilter.vger.kernel.org archive mirror
* migration of ebtables arp rule to nftables
@ 2015-09-24 14:34 Corin Langosch
  0 siblings, 0 replies; only message in thread
From: Corin Langosch @ 2015-09-24 14:34 UTC (permalink / raw)
  To: netfilter

Hi guys,

I'd like to move to nftables (Ubuntu trusty, kernel 3.19). So far it works quite well, however I wonder how to migrate
these ebtables rules:

-p ARP --arp-op Request --arp-ip-dst 192.168.178.237 -j ACCEPT
-p ARP --arp-op Reply --arp-ip-dst 192.168.178.237 -j ACCEPT
-j DROP

-p ARP --arp-op Request --arp-ip-src 192.168.178.237 --arp-mac-src 2:fb:c5:e0:ef:a3 -j ACCEPT
-p ARP --arp-op Reply --arp-ip-src 192.168.178.237 --arp-mac-src 2:fb:c5:e0:ef:a3 -j ACCEPT
-j DROP

They are used to prevent ARP spoofing of qemu guests using tap devices on the host. The rule "nft add rule bridge filter
qemu1-o arp operation request counter accept" works, however I have no idea how to add the ip/mac constraints to the rule.

Thanks for any help. :)

Cheers
Corin
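
The following ruleset is an added example, not part of the original message or a reply from the list: one way to express the ebtables rules above in the bridge family. It assumes an nftables release that supports the `arp saddr` / `arp daddr` expressions (the version the poster had may not), and the chain names `qemu1-arp-to-guest` and `qemu1-arp-from-guest` are hypothetical.

```nft
# Added example, load with: nft -f <file>
# Assumption: the installed nft understands "arp saddr ip", "arp daddr ip"
# and "arp saddr ether".
# The chain names below are hypothetical. Both are regular chains, so they
# only see traffic once a base chain in this table jumps to them for the
# guest's tap device.

table bridge filter {
	# First ebtables block: ARP addressed to the guest's IP.
	chain qemu1-arp-to-guest {
		arp operation request arp daddr ip 192.168.178.237 counter accept
		arp operation reply arp daddr ip 192.168.178.237 counter accept
		# Equivalent of the trailing "-j DROP": everything else that
		# reaches this chain is dropped.
		counter drop
	}

	# Second ebtables block: ARP sent by the guest. The sender IP and the
	# sender MAC inside the ARP payload must both match, which is what
	# stops the guest from announcing another host's address.
	# 02:fb:c5:e0:ef:a3 is the address from the original rule, zero-padded.
	chain qemu1-arp-from-guest {
		arp operation request arp saddr ip 192.168.178.237 arp saddr ether 02:fb:c5:e0:ef:a3 counter accept
		arp operation reply arp saddr ip 192.168.178.237 arp saddr ether 02:fb:c5:e0:ef:a3 counter accept
		counter drop
	}
}
```

The `counter` statements make it possible to confirm with `nft list table bridge filter` that the accept and drop rules are being hit as expected.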
