Greg Scott wrote:
there has been a L2-hooks back in the 2.4 days (at least the context
looks like it), and given that the ebtables targets now use
xtables, the l2hooks patch would actually be real easy.
All I ask is, please please please don't break the order with ebtables
and iptables on input! I really really really need to know the in-eth
interface.
Don't worry.
Also, I'm willing to test any l2-hook patches that tell me the iptables
out eth interface in a bridge. I have a couple of sites where I can
brew up kernels and rulesets.
That won't work. iptables *can't* know since it sits at the network
layer, while briding sits *below* it at the device layer.
I forgot why exactly you need the bridge port in iptables. But
in any case the only way to get it is within briding (where some
of the iptables features are not available). So a fix for all
of this should be to make the missing iptables features available
for briding natively.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
