broute table is not flushed

Question

broute table is not flushed

532910 opened this issue 5 years ago · 2 comments

Steps to reproduce:

clear broute table:

# ebtables -t broute -F
# ebtables -t broute -L
Bridge table: broute

Bridge chain: BROUTING, entries: 0, policy: ACCEPT

update ferm configuration, add:

domain eb table broute chain BROUTING {
    daddr $PrinterMAC DROP;
}

and restart ferm, rule will appear, as expected:

# ebtables -t broute -L      
Bridge table: broute

Bridge chain: BROUTING, entries: 1, policy: ACCEPT
-d PrinterMAC -j DROP

undo step 2 and restart ferm, the rule will remain:

# ebtables -t broute -L      
Bridge table: broute

Bridge chain: BROUTING, entries: 1, policy: ACCEPT
-d PrinterMAC -j DROP

Answer 1 · 2020-01-24T11:20:37.000Z

That's because ferm will only touch tables which are mentioned in the configuration.

Answer 2 · 2020-01-24T15:28:38.000Z

That's because ferm will only touch tables which are mentioned in the configuration.

It is not true!

switching from
table filter chain INPUT proto tcp dport ssh ACCEPT;
to
table nat chain PREROUTING proto tcp DNAT daddr 10.11.11.8 dport 10 to 10.11.11.2;
will remove ssh rure even filter table is not described more.