author | Michael Braun <michael-dev@fami-braun.de> | 2020-05-06 11:46:24 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-05-28 00:04:44 +0200 |
commit | 8615ed93f6e4c4b105525f033b927b510469b987 (patch) | |
tree | 064dd3adc997e0a3c3d494b97d9dfa1146250856 /src | |
parent | 2a20b5bdbde8a1b510f75b1522772b07e51a77d7 (diff) |
evaluate: enable reject with 802.1q
This enables the use of nft bridge reject with bridge vlan filtering.
It depends on a kernel patch to make the kernel preserve the
vlan id in nft bridge reject generation.
[ pablo: update tests/py ]
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/evaluate.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 506f2c6a..985ae4fe 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2616,7 +2616,7 @@ static int stmt_evaluate_reject_bridge(struct eval_ctx *ctx, struct stmt *stmt, const struct proto_desc *desc; desc = ctx->pctx.protocol[PROTO_BASE_LL_HDR].desc; - if (desc != &proto_eth) + if (desc != &proto_eth && desc != &proto_vlan) return stmt_binary_error(ctx, &ctx->pctx.protocol[PROTO_BASE_LL_HDR], stmt, "unsupported link layer protocol"); |
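Review bot: The relaxed check `if (desc != &proto_eth && desc != &proto_vlan)` in stmt_evaluate_reject_bridge() carries no record of the kernel dependency that the commit message describes. Userspace now accepts reject on a VLAN link-layer context unconditionally, so a ruleset will pass evaluation whether or not the running kernel has the patch that preserves the vlan id in the generated reject. Please add a short comment above the condition stating that proto_vlan relies on that kernel-side change, and mention the requirement in the user-facing documentation for bridge reject, so that someone relying on reject to answer traffic on a filtered VLAN knows what to verify on their kernel. A smaller point on the same lines: the "unsupported link layer protocol" message does not say which link-layer protocols are accepted; with two now allowed, naming them in the error text would make a rejected ruleset easier to diagnose.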