Bridge port isolation not working

Linux 4.18 added the following feature:

bridge: add support for port isolation. Isolated ports cannot communicate between each other, but they can still communicate with non-isolated ports

The info text in luci suggests that this feature is supported by OpenWrt. "Bridge port specific options">"Port isolation".

A line with "option isolated '1'" is added to the corresponding "config device" section in /etc/config/network.

But it seems that OpenWrt is only changing the config files but not enforcing it:

root@OpenWrt:~# cat /sys/class/net/main2lan/brport/isolated 

Manually enabling it either by writing 1 to the sysfs file or using the bridge command (from ip-bridge) does work. This would be the expected behavior.

root@OpenWrt:~# cat /sys/class/net/main2lan/brport/isolated 
root@OpenWrt:~# bridge link set dev main2lan isolated on 
root@OpenWrt:~# cat /sys/class/net/main2lan/brport/isolated 

This seems to be a bug in luci. After enabling the setting the following command is executed:

uci set network.cfg0a0f15.isolated='1'

Notice the trailing d in isolated which is incorrect.
netifd expects a config without trailing d.

After replacing isolated with isolate in the config file and reloading netifd the brport/isolate file has the expected value of 1.
Even though the setting is now correctly applied, luci now shows that the setting is not enabled, since it still expects the incorrectly named isolated.

tldr: luci should set isolate and not isolated

luci issues

I have already created a GitHub issue and a fix has also already been committed.

Yes, just noticed, sorry for the noise
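
The mismatch described in this thread, as an added example that is not from any of the posts and is not OpenWrt or luci code: a shell check that compares each "config device" section with the kernel's brport/isolated value, so an isolation setting that exists only in the config file is flagged. The device names port2 and port3, the function names and the fake sysfs tree are constructed for the example, and it assumes netifd reads isolate and ignores isolated, as reported above.

```shell
#!/bin/sh
# Added example: compare bridge port isolation in a UCI network config with the
# kernel's live state. Assumes netifd honours "isolate" and ignores "isolated",
# as reported in the thread.

# audit_isolation CONFIG [SYSROOT] -> one line per device section with the option
audit_isolation() {
    cfg=$1; sysroot=${2:-/sys/class/net}
    awk -v q="'" '
        function emit() { if (name != "" && key != "") print name, key, val
                          name = ""; key = ""; val = "" }
        $1 == "config" { emit(); indev = ($2 == "device") }
        indev && $1 == "option" {
            v = $3; gsub("[\"" q "]", "", v)          # strip UCI quoting
            if ($2 == "name") name = v
            else if ($2 == "isolate" || $2 == "isolated") { key = $2; val = v }
        }
        END { emit() }
    ' "$cfg" | while read -r name key val; do
        f="$sysroot/$name/brport/isolated"
        if [ -r "$f" ]; then live=$(cat "$f"); else live=missing; fi
        if [ "$key" = isolated ]; then verdict=MISNAMED_OPTION   # ignored by netifd
        elif [ "$val" = "$live" ]; then verdict=OK
        else verdict=NOT_ENFORCED; fi
        echo "$name option=$key config=$val sysfs=$live $verdict"
    done
}

# make_sample DIR: constructed config and a fake sysfs tree, so this runs offline
make_sample() {
    mkdir -p "$1/sys/main2lan/brport" "$1/sys/port2/brport" "$1/sys/port3/brport"
    echo 0 > "$1/sys/main2lan/brport/isolated"
    echo 1 > "$1/sys/port2/brport/isolated"
    echo 0 > "$1/sys/port3/brport/isolated"
    cat > "$1/network" <<'EOF'
config device
	option name 'main2lan'
	option isolated '1'

config device
	option name 'port2'
	option isolate '1'

config device
	option name 'port3'
	option isolate '1'
EOF
}

d=$(mktemp -d) && make_sample "$d" && audit_isolation "$d/network" "$d/sys"
rm -rf "$d"
```

On a router, call audit_isolation /etc/config/network with the default sysfs root; any line that does not end in OK means the isolation shown in the config is not what the bridge is enforcing.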
