Philip Craig wrote:
> The only solution I am aware of is to stop bridging and use routing
> and arp proxy.

Sorry, the above isn't the only solution. Other possibilities:

1. Filter on IP address instead of output interface.
2. Delay the decision by setting a mark in iptables and filtering again in ebtables. E.g. the mark could simply encode which port the packet is allowed for, and ebtables drops if it is bridged out a different port.