remove rp_filter unicast limitation + nat only unicast

User 2023-09-08 10:11:57 +02:00
parent eb3865cb23
commit 2c36defc83


@ -356,14 +356,8 @@ def parse_reverse_path_filter(rpf: ReversePathFilter) -> nft.Table:
right=False,
)
rule_pkttype = nft.Match(
op="==",
left=nft.Meta("pkttype"),
right="host",
)
chain_filter.rules.append(
nft.Rule([rule_iifname, rule_fib, rule_pkttype, nft.Verdict("drop")])
nft.Rule([rule_iifname, rule_fib, nft.Verdict("drop")])
)
# Resulting table
@ -582,6 +576,12 @@ def parse_nat(nat: list[Nat], zones: Zones) -> nft.Table:
)
)
rule.stmts.append(nft.Match(
op="==",
left=nft.Fib(flags=["daddr"], result="type"),
right="unicast",
))
rule.stmts.append(
nft.Snat(
addr=entry.snat.addr,
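Review bot: With `rule_pkttype` removed from `nft.Rule([rule_iifname, rule_fib, nft.Verdict("drop")])` in `parse_reverse_path_filter`, the reverse-path drop now also applies to broadcast and multicast packets, and nothing in the hunk exempts traffic that legitimately has no reverse route. Assuming `rule_fib` is a failed source-address lookup (only its `right=False` is visible here), DHCP requests from 0.0.0.0 and IPv6 duplicate-address-detection probes from `::` would likely be dropped on filtered interfaces. Consider an accept rule for those ahead of the drop, or at least a comment such as `# also drops broadcast/multicast with no reverse route (DHCP discover, IPv6 DAD)`. In `parse_nat`, the new `fib daddr type unicast` match deserves a one-line why-comment, e.g. `# SNAT only unicast destinations; leave broadcast/multicast sources untouched`. Both functions start and end outside the hunks shown.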