Just so that I might complete my own post, It seems that with my slave firewall that ebtables was set up to drop all non ARP and IPv4 packets - this was intended, but to my surprise it also blocked all STPBPDU packets. I am unable to figure out a rule to allow those packets through - but the setup is working thus far. Jun 22 09:14:51 geminus kernel: EBFW-INPUT IN=eth0 OUT= MAC source = 00:10:b5:4b:f5:ea MAC dest = 01:80:c2:00:00:00 proto = 0x0026 Jun 22 09:14:51 geminus kernel: EBFW-INPUT IN=eth3 OUT= MAC source = 00:0d:88:53:48:c5 MAC dest = 01:80:c2:00:00:00 proto = 0x0026 Jun 22 09:14:52 geminus kernel: EBFW-OUTPUT IN= OUT=eth6 MAC source = 00:0d:88:68:7d:2f MAC dest = 01:80:c2:00:00:00 proto = 0x0026 Jun 22 09:14:52 geminus kernel: EBFW-OUTPUT IN= OUT=eth5 MAC source = 00:0d:88:68:7d:2e MAC dest = 01:80:c2:00:00:00 proto = 0x0026 Jun 22 09:14:52 geminus kernel: EBFW-OUTPUT IN= OUT=eth4 MAC source = 00:0d:88:68:7d:2d MAC dest = 01:80:c2:00:00:00 proto = 0x0026 Jun 22 09:14:52 geminus kernel: EBFW-OUTPUT IN= OUT=eth3 MAC source = 00:0d:88:68:7d:2c MAC dest = 01:80:c2:00:00:00 proto = 0x0026 I would like to know if anyone has been able to allow only ARP,IPv4 and STPBPDU (proto = 0x0026) packets through by means of ebtables rules, ie can someone give me a push in the right direction in making a rule to allow STPBPDU (proto = 0x0026) packet through? Kind Regards Etienne
