it-team/lmn-client
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Enable ARP support in nftable for outbound restriction in exam_mode

Browse source
This commit is contained in:
Raphael Dannecker 2025-12-17 18:50:16 +01:00
parent 194fbbc735
commit f89b113049
1 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
roles/lmn_exam/templates/no-way-out-nftable.j2
View file

@ -13,15 +13,17 @@ ${filterchain}
chain filterin_${interface} { chain filterin_${interface} {
type filter hook ingress device ${interface} priority filter; policy drop; type filter hook ingress device ${interface} priority filter; policy drop;
ip saddr \$allowed_ipv4 accept ip saddr \$allowed_ipv4 accept
ip saddr ${gateway} accept; ip saddr ${gateway} accept
ip saddr 255.255.255.255 accept; ip saddr 255.255.255.255 accept
ether type arp accept
} }
chain filterout_${interface} { chain filterout_${interface} {
type filter hook egress device ${interface} priority filter; policy drop; type filter hook egress device ${interface} priority filter; policy drop;
ip daddr \$allowed_ipv4 accept ip daddr \$allowed_ipv4 accept
ip daddr ${gateway} accept; ip daddr ${gateway} accept
ip daddr 255.255.255.255 accept; ip daddr 255.255.255.255 accept
ether type arp accept
} }
EOF EOF
) )