--- zzzz-none-000/linux-4.4.271/net/bridge/br_netfilter_hooks.c	2021-06-03 06:22:09.000000000 +0000
+++ hawkeye-5590-750/linux-4.4.271/net/bridge/br_netfilter_hooks.c	2023-04-19 10:22:30.000000000 +0000
@@ -49,6 +49,7 @@
 static int brnf_call_iptables __read_mostly = 1;
 static int brnf_call_ip6tables __read_mostly = 1;
 static int brnf_call_arptables __read_mostly = 1;
+static int brnf_call_custom __read_mostly;
 static int brnf_filter_vlan_tagged __read_mostly;
 static int brnf_filter_pppoe_tagged __read_mostly;
 static int brnf_pass_vlan_indev __read_mostly;
@@ -56,6 +57,7 @@
 #define brnf_call_iptables 1
 #define brnf_call_ip6tables 1
 #define brnf_call_arptables 1
+#define brnf_call_custom 1
 #define brnf_filter_vlan_tagged 0
 #define brnf_filter_pppoe_tagged 0
 #define brnf_pass_vlan_indev 0
@@ -70,6 +72,15 @@
 #define IS_ARP(skb) \
 	(!skb_vlan_tag_present(skb) && skb->protocol == htons(ETH_P_ARP))
 
+int brnf_call_ebtables __read_mostly;
+EXPORT_SYMBOL_GPL(brnf_call_ebtables);
+
+bool br_netfilter_run_hooks(void)
+{
+	return brnf_call_iptables | brnf_call_ip6tables | brnf_call_arptables |
+		brnf_call_ebtables | brnf_call_custom;
+}
+
 static inline __be16 vlan_proto(const struct sk_buff *skb)
 {
 	if (skb_vlan_tag_present(skb))
@@ -919,6 +930,14 @@
 		.hooknum = NF_INET_PRE_ROUTING,
 		.priority = NF_IP6_PRI_FIRST,
 	},
+#ifdef CONFIG_AVM_BRIDGE_ISOLATION
+	{
+		.hook		= br_isol_hook,
+		.pf			= NFPROTO_BRIDGE,
+		.hooknum	= NF_BR_FORWARD,
+		.priority	= NF_BR_PRI_FILTER_BRIDGED
+	},
+#endif
 };
 
 #ifdef CONFIG_SYSCTL
@@ -977,6 +996,13 @@
 		.maxlen		= sizeof(int),
 		.mode		= 0644,
 		.proc_handler	= brnf_sysctl_call_tables,
+	},
+	{
+		.procname	= "bridge-nf-call-custom",
+		.data		= &brnf_call_custom,
+		.maxlen		= sizeof(int),
+		.mode		= 0644,
+		.proc_handler	= brnf_sysctl_call_tables,
 	},
 	{ }
 };