On Tuesday, 31 July, Grant Taylor typed the following:

Hi!

[..].

> >-A FORWARD -physdev --physdev-in eth0 --physdev-out eth2 -j DROP
> >-A FORWARD -physdev --physdev-in eth2 --physdev-out eth0 -j DROP
> >-A FORWARD -j ACCEPT

> I have never worked with the physdev match extension so I can not say
> for sure. I do not recall which features were being taken out of main
> line NetFilter code, but I want to say that physdev was one of them,
> thus meaning you would have to keep patching the kernel when you upgrade
> to make this work. Thus in my opinion making the EBTables option more
> maintainable and thus more appealing.

The physdev match has been in the vanilla kernel for some time now. I've
used it on several bridgewalls without patching the kernel.

max@pandora:linux-2.6.21.3$ grep PHYSDEV net/netfilter/Kconfig
config NETFILTER_XT_MATCH_PHYSDEV

Ciao
Max
--
Follow the white penguin.