dany
After doing everything you said, it's still the same: after installing Docker, the local LAN clients can't ping each other. I've attached a custom uci-default that can replicate the issues,...
Note: the image IP 192.168.12.1 is another network, the gateway is 192.168.1.1, but it is the same as the zone input is set to accept. This is the Wireshark data...
looks normal. It's very odd: after installing dockerd, it's not working right. I don't know what Docker did to cause this bug.
Found the culprit, see the pic below:

```
# Do not edit, changes to this file will be lost on upgrades
# /etc/sysctl.conf can be used to customize...
```
Actually, OpenWrt's default `net.bridge.bridge-nf-call-arptables=0` `net.bridge.bridge-nf-call-ip6tables=0` `net.bridge.bridge-nf-call-iptables=0` just doesn't make bridge traffic go through the firewall, which defeats the firewall setting of forward (the bridge forward input interface and output interface being...
@brada4 What do you mean by dual VLAN 30? I don't have dual VLAN 30. vlan1 is the mentioned 30.
The image you showed is not two VLAN 30s; it's the lan4 port untagged for VLAN 30. Did you test on a fresh install of OpenWrt and create some VLANs using DSA...
The issue basically comes down to zone forward. The OpenWrt doc says: FORWARD rules for a zone describe what happens to traffic passing between different interfaces belonging in the same...
Some other references:
https://netdevconf.info/1.1/proceedings/papers/Bridge-filter-with-nftables.pdf
https://openwrt.org/docs/guide-user/firewall/fw3_configurations/bridge
```
table inet fw4 {
	chain input {
		type filter hook input priority filter; policy drop;
		iifname "lo" accept comment "!fw4: Accept traffic from loopback"
		ct state established,related accept comment...
```