On 30/03/10 14:01, ratheesh k wrote:
Hi ,
i have a rule
ebtables -t broute -A BROUTING -j ACCEPT .
So packet wont traverse any other chain ? ( Prerouting , Input ,
Forward , Postrouting ) ???
I thought this was obvious, but on second thoughts, it's probably not as
obvious as all that
$ man ebtables
...
The targets DROP and ACCEPT have a special
meaning in
the broute table (these names are used instead of more
descrip-
tive names to keep the implementation generic). DROP
actually
means the frame has to be routed, while ACCEPT means
the frame
has to be bridged.
and in the diagram that Jan pointed to
(http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg)
it becomes clear: -J ACCEPT means that the frame goes to the ebtables
nat table; DROP means it goes up into the network layer for iptables to
play with.
You'll make life easier for yourself as well if you call layer two
things "frames" and layer three things "packets".
jch
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
