Gareth Williams wrote:
> Ahh but I already tried physdev - and it throws warnings that it will
> not work on forward or post routing paths when it's not on a bridge
> interface.
>
> But I was specifying the rule with "-o br0" which is a bridge so the
> physdev rule should have been sane?
>
> Even though it threw this warning it did add into iptables but still
> didn't work for me.
>
> I might revisit it and see if I can figure out what was wrong.
>
>

I'd do that if I were you :-)
First figure out what's going on e.g. by adding rules, sending traffic and looking at the rule counters. The iptables LOG target should produce a string containing the physindev and physoutdev device name (the bridge input and output port for the packet).

cheers,
Bart

--
Bart De Schuymer
www.artinalgorithms.be
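Added example, not part of the original message: a small Python parser for the debugging step suggested above. It reads kernel LOG lines and tallies the bridge input/output port pair (the `PHYSIN=`/`PHYSOUT=` fields) per packet, so you can see which packets actually carry bridge port information. It assumes the LOG rule was added with `--log-prefix "brdbg: "`; that prefix, the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed, abbreviated kernel log lines (not from the thread). The
# "brdbg: " prefix, interface names and addresses are assumptions.
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: brdbg: IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 SRC=192.0.2.10 DST=192.0.2.20 PROTO=ICMP
Jan 10 12:00:02 fw kernel: brdbg: IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 SRC=192.0.2.10 DST=192.0.2.20 PROTO=ICMP
Jan 10 12:00:03 fw kernel: brdbg: IN=eth2 OUT=br0 SRC=198.51.100.7 DST=192.0.2.20 PROTO=TCP SPT=40000 DPT=22
Jan 10 12:00:04 fw kernel: other: IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=192.0.2.20 DST=192.0.2.10 PROTO=ICMP
"""

# \b keeps "IN=" from matching inside "PHYSIN=" (no word boundary after "S").
FIELD_RE = re.compile(r"\b(IN|OUT|PHYSIN|PHYSOUT)=(\S*)")


def parse_log_line(line, prefix):
    """Return the interface fields of a LOG line carrying `prefix`, else None.

    PHYSIN/PHYSOUT stay None when the kernel did not print them, i.e. the
    packet had no bridge port recorded at the point where it was logged.
    """
    pos = line.find(prefix)
    if pos < 0:
        return None
    fields = {"IN": None, "OUT": None, "PHYSIN": None, "PHYSOUT": None}
    for key, value in FIELD_RE.findall(line[pos + len(prefix):]):
        if fields[key] is None and value:  # keep first non-empty occurrence
            fields[key] = value
    return fields


def port_pairs(log_text, prefix="brdbg: "):
    """Count (PHYSIN, PHYSOUT) pairs over all lines logged with `prefix`."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_log_line(line, prefix)
        if fields is not None:
            counts[(fields["PHYSIN"], fields["PHYSOUT"])] += 1
    return counts


if __name__ == "__main__":
    for (phys_in, phys_out), n in port_pairs(SAMPLE_LOG).most_common():
        print(f"{n:4d}  PHYSIN={phys_in}  PHYSOUT={phys_out}")
```

A `(None, None)` bucket means the logged packets had no bridge port fields at that hook, which is the case a physdev match cannot act on.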