bend chen wrote:
> Hi, Francesco Ciocchetti
>
> Thanks for your help.
>
> I used -m physdev in my BRIDGE.
> But must I use -m physdev in FORWARD tables?
>
> Can I use it like these:
>
> iptables -A INPUT -m physdev --physdev-in eth0 -p tcp --dport 22 -j ACCEPT
> iptables -A OUTPUT -m physdev --physdev-out eth1 -p icmp -j DROP
>
> Thanks

Sure that you can do it ... if you enabled Support for Netfilter on Bridge devices in your kernel.

You can use physdev-in, physdev-out as you would use '-i' and '-o'.

Bye
P.
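
An added example, not part of the original message: a preflight check for the prerequisite named in the reply (bridge netfilter enabled) and for whether the interfaces used with `--physdev-in`/`--physdev-out` are actually bridge ports. The function names and the `ROOT` argument are hypothetical, introduced here so the check can be pointed at a constructed directory tree.

```shell
#!/bin/sh
# Preflight for "-m physdev" rules: the match only sees bridged frames when
# bridge netfilter is active and the named interfaces are bridge ports.
# ROOT is a hypothetical argument (default "/") so the checks can be run
# against a constructed directory tree instead of the live system.

bridge_nf_state() {
    # Prints enabled | disabled | missing for bridge-nf-call-iptables.
    root=${1:-/}
    f="${root%/}/proc/sys/net/bridge/bridge-nf-call-iptables"
    if [ ! -r "$f" ]; then
        echo missing      # bridge netfilter not built in or module not loaded
    elif [ "$(cat "$f")" = "1" ]; then
        echo enabled
    else
        echo disabled     # bridged frames are not passed to iptables
    fi
}

is_bridge_port() {
    # A bridge port has a brport/ directory under its sysfs entry.
    root=${1:-/}; ifname=$2
    [ -d "${root%/}/sys/class/net/$ifname/brport" ]
}

physdev_preflight() {
    # Usage: physdev_preflight ROOT IFACE...
    # Returns 0 only if every check passes; prints one line per finding.
    root=$1; shift
    rc=0
    state=$(bridge_nf_state "$root")
    echo "bridge-nf-call-iptables: $state"
    [ "$state" = enabled ] || rc=1
    for ifname in "$@"; do
        if is_bridge_port "$root" "$ifname"; then
            echo "$ifname: bridge port"
        else
            echo "$ifname: not a bridge port, physdev will not match it"
            rc=1
        fi
    done
    return $rc
}
```

On a live system, `physdev_preflight / eth0 eth1` runs the same checks against the real `/proc` and `/sys`.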