[ebtbles] Replace binary config file to text config file for ebtables (#5252)
Issue: Binary ebtables config file is CPU arch dependent Fix: Load the text config during firsttime boot and Generate the binary persistent atomic file Signed-off-by: Antony Rheneus <arheneus@marvell.com>
This commit is contained in:
parent
47a925cac6
commit
f136fd0623
@ -486,7 +486,7 @@ fi
|
|||||||
sudo cp -f files/image_config/ebtables/ebtables.default $FILESYSTEM_ROOT/etc/default/ebtables
|
sudo cp -f files/image_config/ebtables/ebtables.default $FILESYSTEM_ROOT/etc/default/ebtables
|
||||||
sudo cp -f files/image_config/ebtables/ebtables.init $FILESYSTEM_ROOT/etc/init.d/ebtables
|
sudo cp -f files/image_config/ebtables/ebtables.init $FILESYSTEM_ROOT/etc/init.d/ebtables
|
||||||
sudo cp -f files/image_config/ebtables/ebtables.service $FILESYSTEM_ROOT/lib/systemd/system/ebtables.service
|
sudo cp -f files/image_config/ebtables/ebtables.service $FILESYSTEM_ROOT/lib/systemd/system/ebtables.service
|
||||||
sudo cp files/image_config/ebtables/ebtables.filter ${FILESYSTEM_ROOT}/etc
|
sudo cp files/image_config/ebtables/ebtables.filter.cfg ${FILESYSTEM_ROOT}/etc
|
||||||
sudo LANG=C chroot $FILESYSTEM_ROOT update-alternatives --set ebtables /usr/sbin/ebtables-legacy
|
sudo LANG=C chroot $FILESYSTEM_ROOT update-alternatives --set ebtables /usr/sbin/ebtables-legacy
|
||||||
sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable ebtables.service
|
sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable ebtables.service
|
||||||
|
|
||||||
|
Binary file not shown.
11
files/image_config/ebtables/ebtables.filter.cfg
Normal file
11
files/image_config/ebtables/ebtables.filter.cfg
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
# SONiC ebtables filter table configuration
|
||||||
|
# Generated using ebtables-save
|
||||||
|
|
||||||
|
*filter
|
||||||
|
:INPUT ACCEPT
|
||||||
|
:FORWARD ACCEPT
|
||||||
|
:OUTPUT ACCEPT
|
||||||
|
-A FORWARD -d BGA -j DROP
|
||||||
|
-A FORWARD -p ARP -j DROP
|
||||||
|
-A FORWARD -p 802_1Q --vlan-encap ARP -j DROP
|
||||||
|
|
@ -123,6 +123,13 @@ program_console_speed()
|
|||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ebtables_config()
|
||||||
|
{
|
||||||
|
# Generate atomic config file and save it persistent
|
||||||
|
/usr/sbin/ebtables-restore < /etc/ebtables.filter.cfg
|
||||||
|
/usr/sbin/ebtables -t filter --atomic-file /etc/ebtables.filter --atomic-save
|
||||||
|
}
|
||||||
|
|
||||||
#### Begin Main Body ####
|
#### Begin Main Body ####
|
||||||
|
|
||||||
logger "SONiC version ${SONIC_VERSION} starting up..."
|
logger "SONiC version ${SONIC_VERSION} starting up..."
|
||||||
@ -341,6 +348,9 @@ if [ -f $FIRST_BOOT_FILE ]; then
|
|||||||
# Create dir where following scripts put their output files
|
# Create dir where following scripts put their output files
|
||||||
mkdir -p /var/platform
|
mkdir -p /var/platform
|
||||||
|
|
||||||
|
# Firsttime ebtables configuration
|
||||||
|
ebtables_config
|
||||||
|
|
||||||
firsttime_exit
|
firsttime_exit
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user