On Thursday 14 October 2004 02:23, Tom Eastep wrote:
> Bart De Schuymer wrote:
> > On Monday 16 August 2004 03:31, Patrick McHardy wrote:
> > > The problem is ipv4_sabotage_out in the bridging code. It prevents the
> > > packet from hitting the LOCAL_OUT hook while it is still unencrypted.
> > > When it hits the bridging code and its LOCAL_OUT hook it's too late.
> > > Not sure how to handle it yet.
> >
> > I'll have a look at that after I'm finished with the IPv6 bridge
> > firewalling stuff.
>
> Any progress on this?

You should be able to do what you want in the iptables mangle OUTPUT chain
instead of the one in the filter table.

Patrick, a hack solution would be to temporarily change out->hard_start_xmit to
something else than br_dev_xmit, that way you fool ipv4_sabotage_out.

cheers,
Bart