Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
vrrp: For use_vmac and use_ipvlan, copy the group from the base inter…
…face It is useful in many instances to set up firewall rules based on interface groups so that sets of interfaces may be aggregated by group and matched with a single rule rather than by listing them all. Prior to this change, when use_vmac or use_ipvlan is used, new interfaces are created with the default group, which breaks this ability. Further complicating the issue is that nftables resolves interface names to ifindex at load time. This is problematic with keepalived's interface creation, which usually comes after the firewall loading, forcing the use of iifname, oifname instead (similar to iptables -i, -o). By copying the group value, such firewall rules can continue to work regardless of the use_vmac or use_ipvlan settings, since packets may now arrive on, or be routed out from, the new interfaces.
- Loading branch information