On 08-01-2015 18:57, Leonid Isaev wrote: > > BTW, to those updating, one notable (at least from my perspective) change with > 3.18.y is the new module br_netfilter responsible for filtering traffic coming > through a bridge. This module is not loaded automatically, so no firewall is > enabled by default in bridges. Here is a dmesg snippet: > --- > kernel: [ 23.690774] bridge: automatic filtering via arp/ip/ip6tables has > been deprecated. Update your scripts to load br_netfilter if you need this. > --- I'm not sure I'm reading it right and a quick google search doesn't turn up much besides this[1]. Does this apply to filtering via iptables (traffic from/to localhost to/from machines on the bridge) or more specifically to ebtables (filter traffic between machines on the bridge)? [1] http://ebtables.netfilter.org/documentation/bridge-nf.html -- Mauro Santos
