[Bridge] Can bridge be 'seen' by ip6tables?

Bart De Schuymer bdschuym at pandora.be
Fri Dec 22 10:52:57 PST 2006


On Fri, 22-12-2006 at 14:27 +0800, llsherry wrote:
>      Hello!    
> 
>      Recently, I’m doing a security project based upon IPv6. I have
> built up a bridge to support a transparent firewall. (My system is
> Fedora Core 2, kernel 2.6.5.) In this system, the version of
> iptables is 1.2.7, which does not support IPv6 (I have tried it). Thus, I
> downloaded a new version and tested it.
> 
>      The iptables functions in bridge mode, but the IPv6 doesn't work
> well. In the bridge mode, ip6tables can’t prevent the packet when I use
> “ip6tables -A FORWARD -j DROP”. I use the
> command "ls /proc/sys/net/bridge"; it shows
> bridge-nf-call-iptables, bridge-nf-call-arptables, bridge-nf-filter-vlan-tagged. The problem is I can't find bridge-nf-call-ip6tables.
> 
>      I have searched a lot of information; all said that the kernel 2.6
> has the bridge-nf code. Could you please tell me how to let the
> bridged packets be 'seen' by ip6tables?

Support for IPv6 was added in a later kernel release.

cheers,
Bart
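
The check implied by this exchange, as an added example that is not part of the original thread: it reports, per table family, whether bridged frames are handed to netfilter, and distinguishes a kernel whose bridge-nf code has no IPv6 hook (the situation described above) from one where the hook exists but is switched off. The function names and the `BRIDGE_NF_DIR` override are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example (not from the thread). BRIDGE_NF_DIR is a hypothetical override
# so the check can be pointed at a constructed directory instead of /proc.

bridge_nf_status() {
    family="$1"                                   # iptables | ip6tables | arptables
    dir="${BRIDGE_NF_DIR:-/proc/sys/net/bridge}"
    knob="$dir/bridge-nf-call-$family"

    if [ ! -d "$dir" ]; then
        echo "no-bridge-nf"     # bridge netfilter code absent or not loaded
    elif [ ! -e "$knob" ]; then
        echo "unsupported"      # bridge-nf present, but no hook for this family
    else
        val=$(cat "$knob" 2>/dev/null) || val=""
        case "$val" in
            1) echo "enabled" ;;    # bridged frames traverse this family's chains
            0) echo "disabled" ;;   # hook exists but bridged frames bypass it
            *) echo "unknown" ;;
        esac
    fi
}

# Succeeds only when an ip6tables FORWARD rule can actually affect bridged IPv6.
bridge_ip6_filtered() {
    [ "$(bridge_nf_status ip6tables)" = "enabled" ]
}

# Summary for the running system.
for fam in iptables ip6tables arptables; do
    printf '%-10s %s\n' "$fam" "$(bridge_nf_status "$fam")"
done
```

Any result other than `enabled` for ip6tables means IPv6 crosses the bridge without passing through the ip6tables chains, whatever rules are loaded.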





