On Fri, May 01, 2015 at 08:33:03AM +0200, Jan Engelhardt wrote: > -p matches the first non-extension header. For the > exthdrs, there is e.g. -m hbh. Just to check, I guess ebtables is behaving similarly? For instance "ebtables -I <CHAIN> -p IPv6 --ip6-proto ipv6-icmp --ip6-icmp-type 130" will match MLD queries? And "-p IPv6 --ip6-proto 0" will *not* match packets with a hop-by-hop header? To match extension headers on a bridge ip6tables/physdev/bridge-nf-call-ip6tables is the only way, right? Cheers, Linus PS: Thanks for the quick reply back then, helped me a lot! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
