Hello,
Paul Reilly wrote:
> In recent kernels, 2.6.16.x there is no longer any
> net/ipv4/netfilter/ipt_physdev.c

Yes, since 2.6.16 it was replaced by net/netfilter/xt_physdev.c.

> and no option in kernel config to enable CONFIG_NETFILTER_XT_MATCH_PHYSDEV

Yes there is. I just checked in vanilla 2.6.16 and 2.6.16.20.

> So I have no physdev in /proc/net/ip_tables_matches
> and my rules which include a -m physdev fail with:
> iptables: No chain/target/match by that name
> Has PHYSDEV been moved somewhere else?

Since 2.6.16 the corresponding module is named xt_physdev.ko and depends
on x_tables and bridge.

> How do I enable it?

Symbol: NETFILTER_XT_MATCH_PHYSDEV [=m]
Prompt: "physdev" match support
  Defined at net/netfilter/Kconfig:282
  Depends on: NET && NETFILTER && NETFILTER_XTABLES && BRIDGE_NETFILTER
  Location:
    -> Networking
      -> Networking support (NET [=y])
        -> Networking options
          -> Network packet filtering (replaces ipchains) (NETFILTER [=y])
            -> Core Netfilter Configuration
              -> Netfilter Xtables support (required for ip_tables) (NETFILTER_XTABLES [=m])

CONFIG_NETFILTER_XT_MATCH_PHYSDEV is located in the "Core Netfilter
Configuration" submenu and depends on CONFIG_NETFILTER_XTABLES
(Netfilter Xtables support) and CONFIG_BRIDGE_NETFILTER (Bridged IP/ARP
packets filtering) which depends on CONFIG_BRIDGE (802.1d Ethernet
Bridging).
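
The dependency chain above can be checked against a kernel .config before rebuilding. The script below is an added example, not part of the original message; the function names physdev_missing and sample_config are hypothetical and the sample config is constructed.

```shell
#!/bin/sh
# Added example: list which symbols in the physdev dependency chain are not
# enabled in a kernel .config. Symbol names are the ones quoted in the reply.

# Listed in dependency order: a later symbol is only selectable in the
# kernel configuration once the earlier ones are enabled.
PHYSDEV_CHAIN="CONFIG_NET CONFIG_NETFILTER CONFIG_BRIDGE CONFIG_BRIDGE_NETFILTER CONFIG_NETFILTER_XTABLES CONFIG_NETFILTER_XT_MATCH_PHYSDEV"

# physdev_missing CONFIG_FILE
# Prints each unmet symbol, one per line, in dependency order.
# Returns 0 if the whole chain is =y or =m, 1 if any symbol is missing,
# 2 if the file cannot be read.
physdev_missing() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    missing=0
    for sym in $PHYSDEV_CHAIN; do
        # Enabled symbols appear as SYM=y or SYM=m; disabled ones appear as
        # "# SYM is not set" or are absent from the file.
        if ! grep -Eq "^${sym}=[ym]\$" "$cfg"; then
            echo "$sym"
            missing=1
        fi
    done
    return $missing
}

# Constructed sample: bridging is built, but BRIDGE_NETFILTER is off, so the
# physdev match is not available either.
sample_config() {
    cat <<'EOF'
CONFIG_NET=y
CONFIG_NETFILTER=y
CONFIG_BRIDGE=m
# CONFIG_BRIDGE_NETFILTER is not set
CONFIG_NETFILTER_XTABLES=m
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_config > "$tmp"
physdev_missing "$tmp" || true
rm -f "$tmp"
```

The first symbol printed is the one to enable first; the symbols after it only become selectable once it is set.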