[Bridge] questions about ebtable ip extension

longguang.yue kernelluck at 163.com
Tue Apr 15 02:02:51 UTC 2014


Could you tell me more?
Of course, iptables uses the physdev option, but when ebtables calls an iptables rule which uses physdev, the rule recognizes physdev-in the same as physdev-out, as the bridge device.
Am I right?

Thanks

At 2014-04-15 03:00:53,"Bart De Schuymer" <bdschuym at pandora.be> wrote:
>longguang.yue wrote on 10/04/2014 8:03:
>> br_nf_forward_ip() {
>> parent = bridge_parent(out);
>> NF_HOOK(pf, NF_INET_FORWARD, skb, brnf_get_logical_dev(skb, in), parent,
>> br_nf_forward_finish);
>> }
>> Here, let us suppose pf = NFPROTO_IPV4. I think the return value of
>> brnf_get_logical_dev(skb, in) equals parent?
>> Its comment says: 'This is the 'purely bridged' case.  For IP, we pass the
>> packet to netfilter with indev and outdev set to the bridge device'
>> So when it calls hooks at the IPv4 level,
>> like iptable_filter_hook and iptable_mangle_hook, we cannot distinguish the in and
>> out devices?
>> In other words, we cannot use in/out dev with ebtables's ip extension.
>> Thanks
>>
>
>You need to use the iptables physdev module to filter on the physical ports.
>
>cheers,
>Bart
>
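
The physdev approach from the reply above, as an added example in iptables-restore format that is not part of the original thread. The device names br0, eth0 and eth1 and the policy itself are assumptions chosen for illustration.

```conf
# Added example (not from the thread). Assumed topology: bridge br0
# with ports eth0 (untrusted side) and eth1 (trusted side).
# Bridged IPv4 frames only reach these rules when
# net.bridge.bridge-nf-call-iptables is set to 1.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

# For purely bridged packets the IPv4 hooks see the bridge device as both
# the input and the output device, so a rule like the one below matches
# traffic in either direction and cannot express a per-port policy:
#   -A FORWARD -i br0 -o br0 -j ACCEPT

# The physdev match looks at the bridge ports instead.
# Trusted port to untrusted port: allowed.
-A FORWARD -m physdev --physdev-is-bridged --physdev-in eth1 --physdev-out eth0 -j ACCEPT

# Untrusted port to trusted port: only replies to existing connections.
-A FORWARD -m physdev --physdev-is-bridged --physdev-in eth0 --physdev-out eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Every other bridged packet is dropped; routed traffic is left to the
# chain policy because --physdev-is-bridged does not match it.
-A FORWARD -m physdev --physdev-is-bridged -j DROP
COMMIT
```

The ruleset can be syntax-checked without being applied by feeding it to `iptables-restore --test`.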