Nicolas de Pesloüan wrote:
> Michael Tremer wrote:
>> Oops, just sent the email when your one scrabbled to my inbox.
>>
>> https://lists.linux-foundation.org/pipermail/bridge/2009-July/006626.html
>>
>> I applied that ebtables rule to the chain but no packages got to the
>> vlan interface (eth0.30) anymore.
>>
>> Michael
>
> As far as I remember, this hack works really well when eth0 and
> eth0.30 are not in the same bridge (br0/br1). Anyway, I cannot think
> of a good reason for it not to work in a single bridge.

Well, it actually does not. But there is a very interesting thing:
The eth0.30 gets all packages (esp. ARP and my ICMP reply for testing),
but the ping command on the other shell returns *nothing*.
iptables has got no rules and policy is ACCEPT.

brctl addbr br0
brctl addbr br1
brctl addif br0 eth0
brctl addif br1 eth0.30

ebtables -t broute -D BROUTING -p 802_1Q -i eth0 -j DROP

is the command.

Have you got any ideas how to debug this?

> Try and dig around with ebtables, using the logging feature. I'm pretty
> sure it works, but do not have a bridge available here to test.
>
> I googled around to try and find the original web page where I learned
> this hack, but without any success. You can try searching for
> ebtables+BROUTING+DROP+802_1Q+vlan-id and so on...
>
> Nicolas.

Sincerely,
Michael