boma/roles/integration_test/templates/10-libvirt-boma.nft.j2


# {{ ansible_managed }}
# Allow DHCP/DNS traffic arriving on the libvirt integration bridge to pass base's
# inet filter input default-deny chain (ADR-025). nftables multi-table semantics mean
# libvirt's own `ip filter` table accept is not enough — base's `inet filter` input
# policy drop kills bridge traffic first without this drop-in.
#
# Bridge name "virbr-boma" must match NET_XML in scripts/integration-vm.py.
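# Drop-in rules merged into the `inet filter` input chain.
# Scope the accept to the services named in the header (DHCP and DNS) instead of
# accepting every packet that arrives on the bridge: an unqualified
# `iifname ... accept` bypasses the default-deny policy for all host listeners
# reachable from guests on this bridge, not just the DHCP/DNS service.
# NOTE(review): if the integration network in NET_XML also hands out IPv6
# addresses via DHCPv6, udp dport 547 must be added here. Confirm against
# scripts/integration-vm.py. Any other host service the guests legitimately
# need should be listed explicitly rather than by widening this rule.
table inet filter {
    chain input {
        # DNS (53/udp) and DHCP server (67/udp) requests from guests.
        iifname "virbr-boma" udp dport { 53, 67 } accept
        # DNS over TCP (large responses, retries after truncation).
        iifname "virbr-boma" tcp dport 53 accept
    }
}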