From 74ee472821dc8ea2d8be8cdee72e4495ac4e0f0b Mon Sep 17 00:00:00 2001
From: Lukas Stockner
Date: Fri, 7 Oct 2022 13:32:32 +0200
Subject: [PATCH 1/2] Enable nf_conntrack_bridge and nft_meta_bridge kernel modules This allows to use conntrack rules for bridges in nftables and to match on bridge interface names.
---
 .../changes/2022-10-07-kernel-enable-bridge-conntrack.md | 1 +
 .../sys-kernel/coreos-modules/files/commonconfig-5.15 | 2 ++
 2 files changed, 3 insertions(+)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-10-07-kernel-enable-bridge-conntrack.md
diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-10-07-kernel-enable-bridge-conntrack.md b/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-10-07-kernel-enable-bridge-conntrack.md
new file mode 100644
index 0000000000..f100f545eb
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-10-07-kernel-enable-bridge-conntrack.md
@@ -0,0 +1 @@
+- Added CONFIG_NF_CONNTRACK_BRIDGE (for nf_conntrack_bridge) and CONFIG_NFT_BRIDGE_META (for nft_meta_bridge) to the kernel config
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.15 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.15
index a732060e0a..8d56fa17dd 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.15
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.15
@@ -650,6 +650,7 @@ CONFIG_NFS_V3_ACL=y
 CONFIG_NFS_V4=m
 CONFIG_NFS_V4_1=y
 CONFIG_NFS_V4_2=y
+CONFIG_NFT_BRIDGE_META=m
 CONFIG_NFT_BRIDGE_REJECT=m
 CONFIG_NFT_COMPAT=m
 CONFIG_NFT_COUNTER=m
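Review bot: `CONFIG_NFT_BRIDGE_META=m` in this hunk and `CONFIG_NF_CONNTRACK_BRIDGE=m` in the following hunk make new netfilter code loadable on every image, and the changelog entry does not tell operators who never filter on bridges how to keep it out of the running kernel. Building both as modules matches the neighbouring `CONFIG_NFT_*=m` lines and leaves the code unloaded by default, but nftables normally requests such modules automatically when a ruleset references them; as far as I know that includes rulesets created in a network namespace owned by an unprivileged user on hosts where user namespaces are enabled. I would extend the changelog line with a short hardening hint, for example `hosts that do not use bridge-family rules can disable the modules with "install nf_conntrack_bridge /bin/false" and "install nft_meta_bridge /bin/false" in modprobe.d`. It is also worth confirming that flows tracked on a bridge count against the shared `nf_conntrack_max` limit, so table sizing gets reviewed where stateful bridge filtering is turned on.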
@@ -676,6 +677,7 @@ CONFIG_NFT_REDIR=m
 CONFIG_NFT_REJECT=m
 CONFIG_NF_CONNTRACK=m
 CONFIG_NF_CONNTRACK_AMANDA=m
+CONFIG_NF_CONNTRACK_BRIDGE=m
 CONFIG_NF_CONNTRACK_EVENTS=y
 CONFIG_NF_CONNTRACK_FTP=m
 CONFIG_NF_CONNTRACK_H323=m
From 46ff05ed65620373db8393ddd0c0f9b0743ec00d Mon Sep 17 00:00:00 2001
From: Lukas Stockner
Date: Tue, 11 Oct 2022 11:23:32 +0200
Subject: [PATCH 2/2] Update changelog
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Kai Lüke
---
 .../changes/2022-10-07-kernel-enable-bridge-conntrack.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-10-07-kernel-enable-bridge-conntrack.md b/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-10-07-kernel-enable-bridge-conntrack.md
index f100f545eb..722108249b 100644
--- a/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-10-07-kernel-enable-bridge-conntrack.md
+++ b/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-10-07-kernel-enable-bridge-conntrack.md
@@ -1 +1 @@
-- Added CONFIG_NF_CONNTRACK_BRIDGE (for nf_conntrack_bridge) and CONFIG_NFT_BRIDGE_META (for nft_meta_bridge) to the kernel config
+- Added `CONFIG_NF_CONNTRACK_BRIDGE` (for nf_conntrack_bridge) and `CONFIG_NFT_BRIDGE_META` (for nft_meta_bridge) to the kernel config to allow using conntrack rules for bridges in nftables and to match on bridge interface names ([coreos-overlay#2207](https://github.com/flatcar/coreos-overlay/pull/2207))