Google Git
Sign in
kernel / pub / scm / linux / kernel / git / horms / ipvs / 974292defee033bc43ccfcb2fcefc3eba3905340
commit974292defee033bc43ccfcb2fcefc3eba3905340[log] [tgz]
authorFlorian Westphal <fw@strlen.de>Fri Jul 07 13:29:03 2017 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>Mon Jul 17 17:02:44 2017 +0200
treef9865fb83ea6979a8f7ef02d10020af01090e3bb
parent97772bcd56efa21d9d8976db6f205574ea602f51 [diff]
netfilter: nf_tables: only allow in/output for arp packets

arp packets cannot be forwarded.

They can be bridged, but then they can be filtered using
either ebtables or nftables bridge family.

The bridge netfilter exposes a "call-arptables" switch which
pushes packets into arptables, but lets not expose this for nftables, so better
close this asap.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
1 file changed
tree: f9865fb83ea6979a8f7ef02d10020af01090e3bb
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README