ci: Load br_netfilter module in linux runners

Signed-off-by: Swagat Bora <[email protected]>

Author: swagatbora90

.github/workflows/job-test-in-container.yml

@@ -70,6 +70,12 @@ jobs:
       - name: "Init: expose GitHub Runtime variables for gha"
         uses: crazy-max/ghaction-github-runtime@3cb05d89e1f492524af3d41a1c98c83bc3025124  # v3.1.0
 
+      - name: "Init: install br-netfilter"
+        run: |
+          # This ensures that bridged traffic goes through netfilter
+          sudo apt-get update -qq
+          sudo apt-get install -qq nftables
+          sudo modprobe br-netfilter
       - name: "Init: register QEMU (tonistiigi/binfmt)"
         run: |
           # `--install all` will only install emulation for architectures that cannot be natively executed

.github/workflows/job-test-in-host.yml

@@ -156,6 +156,10 @@ jobs:
           sudo apt-get install -qq expect
           echo "::endgroup::"
 
+          # This ensures that bridged traffic goes through netfilter
+          sudo apt-get install -qq nftables
+          sudo modprobe br-netfilter
+
       - if: ${{ contains(inputs.runner, 'windows') && env.SHOULD_RUN == 'yes' }}
         name: "Init (windows): prepare host"
         env:

.github/workflows/job-test-in-lima.yml

@@ -66,6 +66,12 @@ jobs:
           lima sudo dnf -q -y install docker-ce --nobest
           lima sudo systemctl enable --now docker
 
+      - name: "Init: install br-netfilter in guest VM"
+        run: |
+          # This ensures that bridged traffic goes through netfilter
+          lima sudo dnf -q -y install nftables
+          lima sudo modprobe br-netfilter
+
       - name: "Init: configure the host to use dockerd in the guest VM"
         run: |
           set -eux