[Bridge] firewalling a VM
Malcolm Scott
Malcolm.Scott at cl.cam.ac.uk
Fri Oct 19 04:09:54 PDT 2007
At 23:48 yesterday, Albert Cahalan wrote:
> Diagrams of packet flow through the kernel would help, even if that means
> a man page with ASCII art.
I don't think a man page is the best place for that really... and such
things already exist in documentation elsewhere:
http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png
http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html
> That just kills my net connection. Note that I never
> told my host machine to route via the bridge device.
> As far as I'm concerned, it ought to still be using eth0.
But the ebtables rules don't just apply to the bridge. They will most
likely be applied to the rest of your traffic too. If you want to confine
them to that bridge, say so using --logical-in & --logical-out or
whatever.
--
Malcolm Scott
Research Assistant
University of Cambridge Computer Laboratory
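
A check for the confinement suggested in the reply above, as an added example that is not part of the original message: it reads a listing in the format printed by `ebtables -L` and reports every rule that has no --logical-in or --logical-out match on a given bridge. The bridge name br0, the function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list ebtables rules that are not confined to a named bridge.
# Input is text in the format printed by `ebtables -L`.

# unscoped_rules BRIDGE: read a listing on stdin and print "CHAIN: RULE" for
# every rule without a --logical-in/--logical-out match on BRIDGE.
# A negated match ("--logical-in ! br0") is reported too, since it does not
# confine the rule to that bridge.
unscoped_rules() {
    awk -v br="$1" '
        /^Bridge chain:/ {
            chain = $3; sub(/,$/, "", chain); next
        }
        /^Bridge table:/ || /^[[:space:]]*$/ { next }
        {
            scoped = 0
            for (i = 1; i < NF; i++)
                if (($i == "--logical-in" || $i == "--logical-out") && $(i + 1) == br)
                    scoped = 1
            if (!scoped) print chain ": " $0
        }
    '
}

# Constructed sample listing (not taken from the thread).
sample_listing() {
    cat <<'EOF'
Bridge table: filter

Bridge chain: INPUT, entries: 1, policy: ACCEPT
-p IPv4 --logical-in br0 -j DROP

Bridge chain: FORWARD, entries: 2, policy: ACCEPT
-p ARP -j DROP
-p IPv4 --logical-in br0 --logical-out br0 -j ACCEPT

Bridge chain: OUTPUT, entries: 1, policy: ACCEPT
-p IPv4 -j DROP
EOF
}

sample_listing | unscoped_rules br0
```

On a live host the same function can be fed from `ebtables -L` run as root instead of the sample listing.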