Revert "T7523: firewall: Accepting invalid traffic for pppoe discovery and wol"

This reverts commit 9bd9ae7.

Author: opswill

data/templates/firewall/nftables.j2

@@ -416,9 +416,7 @@ table bridge vyos_filter {
         ct state invalid ether type arp counter accept
         ct state invalid ether type 8021q counter accept
         ct state invalid ether type 8021ad counter accept
-        ct state invalid ether type 0x8863 counter accept
         ct state invalid ether type 0x8864 counter accept
-        ct state invalid ether type 0x0842 counter accept
 {%                 endif %}
 {%             endif %}
 {%             if global_options.state_policy is vyos_defined %}

interface-definitions/include/firewall/global-options.xml.i

@@ -51,7 +51,7 @@
       <children>
         <leafNode name="invalid-connections">
           <properties>
-            <help>Accept ARP, 802.1q, 802.1ad, DHCP, PPPoE and WoL despite being marked as invalid connections</help>
+            <help>Accept ARP, 802.1q, 802.1ad, DHCP and PPPoE despite being marked as invalid connections</help>
             <valueless/>
           </properties>
         </leafNode>

smoketest/scripts/cli/test_firewall.py

@@ -785,9 +785,7 @@ def test_bridge_firewall(self):
             ['ct state invalid', 'ether type arp', 'accept'],
             ['ct state invalid', 'ether type 8021q', 'accept'],
             ['ct state invalid', 'ether type 8021ad', 'accept'],
-            ['ct state invalid', 'ether type 0x8863', 'accept'],
             ['ct state invalid', 'ether type 0x8864', 'accept'],
-            ['ct state invalid', 'ether type 0x0842', 'accept'],
             ['chain VYOS_PREROUTING_filter'],
             ['type filter hook prerouting priority filter; policy accept;'],
             ['ip6 daddr @A6_AGV6', 'notrack'],