Hello,

This is the 3rd version of interface group patches.

Each net_device structure has a non-negative ifgroup member indicating the group it belongs to. In the ip tool it is between 0 and 256, where 0 means it is unset.

Usage:
    ip link set eth0 group 4
    ip link set eth0 group 0      # to unset
    ip link set eth0 group intra  # named groups

In /etc/iproute2/rt_ifgroup each value may have a symbolic name.

Netfilter part: xt_ifgroup module for both IPv4 and IPv6.

Iptables usage:
    iptables -A INPUT -m ifgroup --in-ifgroup 4/0xf -j ACCEPT
    iptables -A FORWARD -m ifgroup --in-ifgroup 4 --out-ifgroup 5 -j ACCEPT

... in the FORWARD chain both input and output interface group value should be matched (with optional masks).

The following patches are:
    kernel: single notification, atomic changes
    kernel: core part
    kernel: netfilter module, ifgroup match
    iproute2: showing and set ifgroup value
    iptables: ifgroup match

--
Attila
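
The value/mask form used in `--in-ifgroup 4/0xf`, worked through as an added example (not code from the patch set). It assumes the conventional netfilter masked compare, `(group & mask) == value`, which the post does not spell out; `struct ifgroup_spec` and the function names are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical type: the post does not show the patch's own structures. */
struct ifgroup_spec { uint32_t value, mask; };

/* Parse one numeric field (decimal, hex or octal); must start with a digit. */
static int parse_u32(const char *s, char **end, uint32_t *out) {
    if (!isdigit((unsigned char)*s)) return -1;
    errno = 0;
    unsigned long v = strtoul(s, end, 0);
    if (errno || v > 0xffffffffUL) return -1;
    *out = (uint32_t)v;
    return 0;
}

/* Parse "VALUE[/MASK]"; no mask means exact match. Names such as "intra"
 * are not resolved here. Returns 0 on success, -1 on malformed input. */
int parse_ifgroup_spec(const char *s, struct ifgroup_spec *sp) {
    char *end;
    sp->mask = 0xffffffffU;
    if (parse_u32(s, &end, &sp->value)) return -1;
    if (*end == '/' && parse_u32(end + 1, &end, &sp->mask)) return -1;
    return *end == '\0' ? 0 : -1;
}

/* ASSUMPTION: masked compare, as in other netfilter value/mask matches. */
bool ifgroup_match(uint32_t group, const struct ifgroup_spec *sp) {
    return (group & sp->mask) == sp->value;
}

/* How many settable groups (1..256; 0 means "unset") a spec accepts. */
int count_matching_groups(const struct ifgroup_spec *sp) {
    int n = 0;
    for (uint32_t g = 1; g <= 256; g++) n += ifgroup_match(g, sp);
    return n;
}

int main(void) {
    struct ifgroup_spec sp;
    if (parse_ifgroup_spec("4/0xf", &sp) == 0)
        printf("4/0xf accepts %d groups\n", count_matching_groups(&sp));
    return 0;
}
```

Under that assumption `4/0xf` accepts 16 of the 256 settable groups (4, 20, 36, ...), so a masked ACCEPT rule should be reviewed against every group number in use, not only group 4.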