On 05.01.2012 20:50, Bart De Schuymer wrote:
> On 5/01/2012 0:13, Richard Weinberger wrote:
>>
>> Let's export brnf_call_iptables and brnf_call_ip6tables, such that
>> physdev_mt_check() can notify the user that his iptables rule will have
>> no effect.
>>
>
> I don't want to introduce a runtime dependency between the iptables
> physdev module and the bridge module.
> This should keep working:
> #modprobe bridge
> #modprobe xt_physdev
> #rmmod bridge
> It will stop working if you use exported symbols of the bridge module in
> the physdev module.
>

IMHO this behavior would be useful. 8-)
Removing bridge while xt_physdev is loaded will make some netfilter rules void.
Which is not fun on a production firewall.

Thanks,
//richard
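An added example, not part of the original thread or of any patch in it: a userspace check for the condition discussed above, listing IPv4 `-m physdev` rules that have no effect because bridge netfilter is off or the bridge code is unloaded. It assumes the `brnf_call_iptables` value is readable at `/proc/sys/net/bridge/bridge-nf-call-iptables`; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and SAMPLE_RULES are constructed, not from the thread.

# Assumed sysctl file backing brnf_call_iptables (IPv4 only; the ip6tables
# counterpart would be bridge-nf-call-ip6tables).
BRNF_SYSCTL=/proc/sys/net/bridge/bridge-nf-call-iptables

# brnf_state FILE -> prints "on", "off", or "absent" (bridge code not loaded).
brnf_state() {
    if [ ! -r "$1" ]; then
        echo absent
    elif [ "$(cat "$1")" = "1" ]; then
        echo on
    else
        echo off
    fi
}

# void_physdev_rules STATE -> reads iptables-save output on stdin and prints
# every physdev rule that cannot match in that state. Returns 1 if any exist.
void_physdev_rules() {
    [ "$1" = "on" ] && return 0
    found=0
    while IFS= read -r line; do
        case "$line" in
            -A*" -m physdev "*) printf '%s: %s\n' "$1" "$line"; found=1 ;;
        esac
    done
    return "$found"
}

# Constructed sample in iptables-save format: one physdev rule, one plain rule.
SAMPLE_RULES='*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m physdev --physdev-in eth1 -j DROP
-A FORWARD -p tcp --dport 22 -j ACCEPT
COMMIT'

# Live use (needs root): sh thisfile --live
if [ "${1:-}" = "--live" ]; then
    iptables-save | void_physdev_rules "$(brnf_state "$BRNF_SYSCTL")"
fi
```

Run from a monitoring job, a non-zero exit status flags the situation Richard describes, where the rules are still loaded but no longer filter bridged traffic.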