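# {{ ansible_managed }}
# Allow DHCP/DNS traffic arriving on the libvirt integration bridge to pass base's
# inet filter input default-deny chain (ADR-025). nftables evaluates the base chains
# of every table registered on a hook, so the accept in libvirt's own `ip filter`
# table is not enough — base's `inet filter` input policy drop still discards the
# bridge traffic without this drop-in.
#
# Scope: only the ports the stated purpose needs are accepted — DNS (53/udp and
# 53/tcp) and the DHCPv4 server port (67/udp). An unqualified `iifname ... accept`
# would bypass the default-deny policy for every host service reachable from the
# integration guests, not just DHCP/DNS.
# NOTE(review): NET_XML and base's ruleset are not visible from this file. If the
# guests need another host service (or the network defines an IPv6 range served
# by DHCPv6), add it as its own explicit rule rather than widening these.
#
# Bridge name "virbr-boma" must match NET_XML in scripts/integration-vm.py.
table inet filter {
    chain input {
        # DNS over UDP and DHCPv4 requests from guests on the bridge.
        iifname "virbr-boma" udp dport { 53, 67 } accept
        # DNS over TCP (truncated responses and large answers fall back to TCP).
        iifname "virbr-boma" tcp dport 53 accept
    }
}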