On 08-01-2015 20:17, Leonid Isaev wrote: > The former. It applies to filtering traffic passing through the bridge. If the > module is loaded and /proc/sys/net/bridge/bridge-nf-* == 1 then you should be > able to manipulate traffic _inside_ the bridge using iptables FORWARD chain. If > the module is not loaded, or the above files contain 0, then the bridge acts as > a "dumb" switch. So, you can use the FORWARD chain to forward packets _between_ > the bridge and some other interface. > Got it :) Thanks for the heads-up. I have always assumed the bridge would behave like a dumb switch since I'm not using ebtables but clearly I was wrong. If my setup breaks I'll know where to look first now :) -- Mauro Santos
