ebtables/iptables not filtering non VLAN traffic with enic host driver

Solution In Progress - Updated -

Issue

iptables rules that should match traffic going to and coming from the virtual machines through the hypervisor are not applied.
Those rules are automatically generated by CloudPlatform. The VMs are connected through a bridge to the outside world.
Only egress traffic (coming from the VM to the outside world) is subjected to those rules; ingress traffic is not.

Environment

RHEL 6.9 acting as host.
Any OS running as guest on the RHEL 6.9 host.

The guest VM is connected via the host's bridge to the outside world:

host:

$ brctl show
bridge name     bridge id               STP enabled     interfaces
br-data         8000.0025b511008e       yes             eth2
                                                        vnet0

$ ethtool -k eth2
...
rx-vlan-offload: on [fixed]
tx-vlan-offload: on [fixed]
...

$ ethtool -i eth2
driver: enic
version: 2.3.0.12
firmware-version: 4.0(5bS2)
bus-info: 0000:08:00.0
supports-statistics: yes
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no

net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-arptables=1
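
To check other hypervisors against the environment listed above, this added example (not part of the original article or of Red Hat's tooling) parses captured brctl, ethtool and sysctl output. The function names are hypothetical, the sample text reuses the values shown above, and the tab layout of the brctl output is an assumption. A match means only that a host resembles this environment.

```python
# Sample input built from the outputs shown in this article; the tab layout
# of `brctl show` is an assumption about bridge-utils output.
BRCTL = ("bridge name\tbridge id\t\tSTP enabled\tinterfaces\n"
         "br-data\t\t8000.0025b511008e\tyes\t\teth2\n"
         "\t\t\t\t\t\t\tvnet0\n")
ETHTOOL_I = "driver: enic\nversion: 2.3.0.12\nbus-info: 0000:08:00.0\n"
ETHTOOL_K = "...\nrx-vlan-offload: on [fixed]\ntx-vlan-offload: on [fixed]\n...\n"
SYSCTL = ("net.bridge.bridge-nf-call-ip6tables=1\n"
          "net.bridge.bridge-nf-call-iptables=1\n"
          "net.bridge.bridge-nf-call-arptables=1\n")


def bridge_ports(brctl_text):
    """Map bridge name -> list of ports from `brctl show` output."""
    bridges, current = {}, None
    for line in brctl_text.splitlines()[1:]:    # skip the header row
        fields = line.split()
        if not fields:
            continue
        if line[0].isspace():                   # continuation row: port only
            if current:
                bridges[current].append(fields[0])
        else:                                   # name, id, STP, [first port]
            current = fields[0]
            bridges[current] = fields[3:4]
    return bridges


def key_values(text, sep):
    """Parse 'key<sep>value' lines into a dict; lines without a value are skipped."""
    return {k.strip(): v.strip() for k, _, v in
            (line.partition(sep) for line in text.splitlines()) if v}


def matches_article_environment(brctl, ethtool_i, ethtool_k, sysctl, nic):
    """True when `nic` is a bridge port, uses the enic driver, has fixed
    VLAN offload, and bridge netfilter passes frames to iptables."""
    on_bridge = any(nic in ports for ports in bridge_ports(brctl).values())
    driver = key_values(ethtool_i, ":").get("driver")
    offload = key_values(ethtool_k, ":")
    fixed = all(offload.get(k) == "on [fixed]"
                for k in ("rx-vlan-offload", "tx-vlan-offload"))
    nf = key_values(sysctl, "=").get("net.bridge.bridge-nf-call-iptables")
    return on_bridge and driver == "enic" and fixed and nf == "1"
```
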
