[Bridge] ebtables PREROUTING -drop
Jan Engelhardt
jengelh at medozas.de
Wed Aug 4 09:40:59 PDT 2010
On Wednesday 2010-08-04 18:39, Nicolas de Pesloüan wrote:
>>> I'm not 100% sure it is completely outside though. For instance,
>>> if you do tcdump on a bridge device (as opposed to the corresponding
>>> physical participant interface), isn't that after ingress ebtales
>>> processing, but before egress? IE is in the graph somewhere.
>>
>> Huh, all once investigated already. See
>> http://jengelh.medozas.de/images/nf-packet-flow.png for where
>> in/egress happen to be. :)
>
> Nice work!
>
> May be just missing other netif_receive_skb() magic, like bonding for example.
Well, bonding is not really part of Netfilter.
Then again, neither is ingress/xfrm ;-)
More information about the Bridge
mailing list