[Bridge] catching all packets on an interface

Scott MacKay scottmackay at yahoo.com
Sat Mar 15 10:14:02 PDT 2008


Ah great I did not realize you could use physdev on
both.  My need was to pass all packets which go thru
the interface to QUEUE for mangling or at least
investigation (so ideally after fragments are
recombined and such).

I saw a nice flow diagram
(http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png)
showing the interactions of bridged packets and
normal iptables flow.  It *seemed* like
prerouting/postrouting caught all local/passthru
packets coming in/out of the interface, so maybe:

iptables -I PREROUTING -m physdev --physdev-in eth0 -t mangle -j QUEUE
iptables -I POSTROUTING -m physdev --physdev-out eth0 -t mangle -j QUEUE
?

-Scott


--- Matt Richards <matt at mattstone.net> wrote:

> Hello, 
> 
> by capture I'm guessing you mean match?
> 
> With bridges and iptables I normally use physdev
> 
> iptables -I FORWARD -m physdev --physdev-in eth0 --physdev-out eth1
> 
> Hth,
> 
> Matt.
> 
> On Sat, Mar 15, 2008 at 04:50:39AM -0700, Scott MacKay wrote:
> > In a simple bridge design, eth0, eth1, bridged to br0,
> > what iptables rules would be needed to capture all of
> > the packets?
> > 
> > It looked like one in PREROUTING/mangle and
> > POSTROUTING/mangle would do it for all locally
> > delivered/received and passthru....
> > 
> > -Scott
> > 
> > _______________________________________________
> > Bridge mailing list
> > Bridge at lists.linux-foundation.org
> > https://lists.linux-foundation.org/mailman/listinfo/bridge
> 
> -- 
> Matt Richards


