On 09/11/2007, Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx> wrote:
> Hello,
>
> Bradley Kite wrote:
>>
>> the connection-tracking needs to be turned off on the bridges in order
>> to make this work:
>>
>> iptables --table raw -A PREROUTING -i [BRIDGE] -j NOTRACK
>
> This may have undesirable side effects unless you add "-m physdev
> --physdev-is-bridged" to ensure that this rule matches only bridged
> traffic and not forwarded traffic received on the bridge interface.
> If you just don't want Netfilter (including the conntrack and iptables)
> to see the bridged IP traffic, you can do this by setting the sysctl
> net.bridge.bridge-nf-call-iptables to 0.
>
> echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
> or
> sysctl -w net.bridge.bridge-nf-call-iptables=0
>
> Add the following line in /etc/sysctl.conf to make it persistent across
> reboots:
>
> net.bridge.bridge-nf-call-iptables=0

Ahh, great, that's a much better way of doing it because I don't have to
keep track of all my bridges and apply config to them separately.

Many thanks for your help.

--
Brad.
-
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html