Привет, я пытаюсь запустить ebtables в докере, однако ни одно из правил ebtables не выполняется.

Например - обратите внимание, что счетчики не увеличиваются, хотя ARP отправляется и успешно

[[email protected] /]# ebtables -A OUTPUT -p ARP -j ACCEPT
[[email protected] /]# ebtables -Lc  --Lc --Lx
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 1, policy: ACCEPT
-p ARP -j ACCEPT , pcnt = 0 -- bcnt = 0
[[email protected] /]# ping 192.168.5.201
PING 192.168.5.201 (192.168.5.201) 56(84) bytes of data.
64 bytes from 192.168.5.201: icmp_seq=1 ttl=64 time=0.141 ms
64 bytes from 192.168.5.201: icmp_seq=2 ttl=64 time=0.071 ms
64 bytes from 192.168.5.201: icmp_seq=3 ttl=64 time=0.137 ms
^C
--- 192.168.5.201 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2065ms
rtt min/avg/max/mdev = 0.071/0.116/0.141/0.033 ms
[[email protected] /]# ebtables -Lc  --Lc --Lx
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 1, policy: ACCEPT
-p ARP -j ACCEPT , pcnt = 0 -- bcnt = 0

Докер запускается в компоновке со следующими разрешениями

privileged: true
cap_add: 
  - NET_ADMIN
  - ALL
volumes:
  - /dev:/dev

То же самое в корневом пространстве имен хоста работает нормально

➜  ~ sudo  ebtables -A OUTPUT -p ARP -j ACCEPT
➜  ~ sudo ebtables -Lc  --Lc --Lx
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 1, policy: ACCEPT
-p ARP -j ACCEPT , pcnt = 0 -- bcnt = 0
➜  ~  ping 192.168.5.201
PING 192.168.5.201 (192.168.5.201) 56(84) bytes of data.
64 bytes from 192.168.5.201: icmp_seq=1 ttl=64 time=0.087 ms
64 bytes from 192.168.5.201: icmp_seq=2 ttl=64 time=0.040 ms
64 bytes from 192.168.5.201: icmp_seq=3 ttl=64 time=0.030 ms
^C
--- 192.168.5.201 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2058ms
rtt min/avg/max/mdev = 0.030/0.052/0.087/0.025 ms
➜  ~ sudo ebtables -Lc  --Lc --Lx
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 1, policy: ACCEPT
-p ARP -j ACCEPT , pcnt = 4 -- bcnt = 112
➜  ~

версия докера на основе almalinux:8.5

no answer