[OpenWrt-Devel] MT7621 and bridge firewalling
Etienne Champetier
champetier.etienne at gmail.com
Sat Apr 11 12:48:25 EDT 2020
Hello OpenWrt hackers,
I'm playing around with OpenWrt master on a MikroTik RB750Gr3 and
would like to do hardware-accelerated stateful bridge firewalling. My
end goal is to learn and make PhanTap
(https://github.com/nccgroup/phantap) work at line rate.
MT7621 supports flow offload, so the high-level idea would be to:
- create a Linux bridge with 2 ports (say lan4/lan5)
- disable normal switch offload (do not forward just based on MAC
dest) and have the packets go through netfilter
- have netfilter create/install flow offload rules for most
connections like we do for the routing case.
- enjoy
My questions are:
- will the hardware let me do that (any restrictions on the flow
offload rules or ...)?
- is it already possible with OpenWrt master (I was not able to have a
bridge without offload yet)?
- any pointer to ongoing work in that area (while writing this email I
just found NF_CONNTRACK_BRIDGE)?
Thanks
Etienne