In the past when I said: ebtables -A INPUT -p 0x828 -j DROP !!DOES NOT WORK!! ebtables -A INPUT -p 0x800 -j DROP !!WORKS!! Group members told me that: > What you need to do is register your function > on the existing NF_BR_PRE_ROUTING hook, with a priority number lower than > that of the ebtables nat PREROUTING chain (prio=NF_BR_PRI_NAT_SRC). ebt INPUT | | ebt (PREROUTING)------Bridging-----ebt (FORWARD) I think my code is decapsulating (changing eth hdr) before INPUT chain is traversed. So, I am confused as to what the priority number should be. Since encap/ decap functions are called by main code. If the prio is Lower than NF_BR_PRI_NAT_SRC, encapsulation is taking place even before ebt-PREROUTING chain is traversed. So is decapsulation. Then I don't think I could filter the packets in the above fashion using protocol 0x828. So, I am wondering what is the right prio to choose. It is important I have a right piority. Thanks in advance, -Raj
