ebtables/iptables not filtering non VLAN traffic with enic host driver
Issue
The iptables rules that should match traffic going to and coming from the virtual machines through the hypervisor are not applied.
Those rules are generated automatically by CloudPlatform. The VMs are connected to the outside world through a bridge.
Only egress traffic (leaving the VM towards the outside world) is subjected to those rules; ingress traffic is not.
Environment
RHEL 6.9 acting as host.
Any OS running as guest on the RHEL 6.9 host.
The guest VM is connected to the outside world via the host's bridge:
host:
$brctl show
bridge name bridge id STP enabled interfaces
br-data 8000.0025b511008e yes eth2
vnet0
$ethtool -k eth2
...
rx-vlan-offload: on [fixed]
tx-vlan-offload: on [fixed]
...
$ethtool -i eth2
driver: enic
version: 2.3.0.12
firmware-version: 4.0(5bS2)
bus-info: 0000:08:00.0
supports-statistics: yes
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-arptables=1
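As an added example (not from the Red Hat article), the following POSIX shell script encodes the environment profile above as an offline check over captured ethtool and sysctl output, so a fleet of hosts can be screened for the same combination before relying on bridged iptables filtering. The sample captures are constructed from the values shown above; the ixgbe control sample is made up.

```sh
#!/bin/sh
# Added diagnostic example, not part of the Red Hat article: classify a host by
# the profile described above (enic driver, rx-vlan-offload fixed on, bridge-nf
# sysctls on) from captured `ethtool -i`, `ethtool -k` and `sysctl` output.

# Print the driver name from `ethtool -i` output read on stdin.
driver_from_ethtool() {
    awk -F': *' '$1 == "driver" { print $2; exit }'
}

# Succeed when `ethtool -k` output on stdin reports rx-vlan-offload on and fixed.
rx_vlan_offload_fixed_on() {
    grep -q '^rx-vlan-offload: on \[fixed\]'
}

# Succeed when all three bridge-nf-call sysctls are set to 1 (sysctl or
# sysctl.conf spacing accepted) in the text on stdin.
bridge_nf_enabled() {
    n=$(grep -Ec '^net\.bridge\.bridge-nf-call-(ip6tables|iptables|arptables) *= *1$' || true)
    [ "$n" -eq 3 ]
}

# audit_host ETHTOOL_I_TEXT ETHTOOL_K_TEXT SYSCTL_TEXT
# Prints "AT-RISK ..." when the host matches the profile, "OK ..." otherwise.
audit_host() {
    drv=$(printf '%s\n' "$1" | driver_from_ethtool)
    if [ "$drv" = "enic" ] && printf '%s\n' "$2" | rx_vlan_offload_fixed_on &&
       printf '%s\n' "$3" | bridge_nf_enabled; then
        echo "AT-RISK: driver=$drv, rx-vlan-offload fixed on, bridge-nf on; verify ingress bridged traffic hits iptables"
    else
        echo "OK: driver=${drv:-unknown} does not match the enic/rx-vlan-offload profile"
    fi
}

# Constructed sample captures mirroring the article's host.
SAMPLE_I='driver: enic
version: 2.3.0.12
firmware-version: 4.0(5bS2)
bus-info: 0000:08:00.0'
SAMPLE_K='rx-vlan-offload: on [fixed]
tx-vlan-offload: on [fixed]'
SAMPLE_SYSCTL='net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1'
# Constructed control capture with a different (made-up) driver version.
SAMPLE_I_OTHER='driver: ixgbe
version: 4.4.0-k'
audit_host "$SAMPLE_I" "$SAMPLE_K" "$SAMPLE_SYSCTL"
audit_host "$SAMPLE_I_OTHER" "$SAMPLE_K" "$SAMPLE_SYSCTL"
```

On a live host, feed it the output of `ethtool -i eth2`, `ethtool -k eth2` and `sysctl net.bridge` for the bridged interface.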