Hi, Francesco Ciocchetti

Thanks for your help. I used -m physdev in my BRIDGE. But must I use -m physdev in the FORWARD tables?

Can I use rules like these:

iptables -A INPUT -m physdev --physdev-in eth0 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -m physdev --physdev-out eth1 -p icmp -j DROP

Thanks

======= 2005-06-27 13:47:15 =======

>bend chen wrote:
>
>>hi, netfilter
>>
>>  Who can give me some examples of "iptables -m physdev"?
>>
>>Thanks for your help
>>
>You need it to check the INPUT and OUTPUT Physical Interface for a
>BRIDGE you want to filter with Iptables.
>
>I mean, if you have an eth0 and eth1 bridged in a br0 interface, all the
>packets coming and exiting to and from the bridge will result with
>IN-INTERFACE and OUT-INTERFACE as br0. If you need to filter the packets
>based on incoming and outgoing interfaces, you need to use -m physdev
>
>iptables -A FORWARD -m physdev --physdev-in eth0 -j ACCEPT
>
>bye
>P.
>

= = = = = = = = = = = = = = = = = = = =

bend chen
boy2eye@xxxxxxx
2005-06-27