[PATCH 0/5] netfilter: nf_flow_table_path: L2 bridge offload
Florian Westphal
fw at strlen.de
Mon Jun 29 05:56:16 PDT 2026
Daniel Pawlik <pawlik.dan at gmail.com> wrote:
> -----------------------------
> 1. Load kmod-br-netfilter so that bridged IP traffic traverses the
> netfilter forward chain.
Ouch. br_netfilter should die. Really. It's a gross hack, never
use this thing...
> 2. Enable netfilter hooks on the bridge:
> echo 1 > /sys/class/net/<br>/bridge/nf_call_iptables
> echo 1 > /sys/class/net/<br>/bridge/nf_call_ip6tables
>
> 3. Register bridge member interfaces in the nft flowtable:
> table inet filter {
>     flowtable f {
>         hook ingress priority filter
>         devices = { eth0, wlan0 }
>     }
I think that bridge flowtable should use 'table bridge ...', not
use the br_netfilter compat hacks.
Sorry.
Are you aware of Eric Woudstra's bridge flowtable patches?
https://lore.kernel.org/netfilter-devel/20250408142802.96101-5-ericwouds@gmail.com/