Re: using L7 filter in ebtables commands

agashi shipora wrote:
> I want to use L7 filter with ebtables for setting a MARK on the packet
> similar to how it is being done with iptables today.
> 
> Using brouting the bridge packet can be re-directed to the routing
> path traversing the iptables. But all packets arriving on the interface
> enslaved to the bridge would have to be brouted. This may not be
> acceptable as a solution in my case.
> 
> example:
> What's available:
> iptables -t filter -A FORWARD -m layer7 --l7proto edonkey -j MARK --set-mark 3
> 
> What needs to be supported:
> ebtables -t nat -A PRE-ROUTING -m layer7 --l7proto edonkey -j MARK --mark-set 3
> 
> Is any work going on to port L7 filter to ebtables or does this port
> of L7 filter already exist?
> 

You can use iptables to filter bridged IP traffic, so I don't see the
problem. Just make sure /proc/sys/net/bridge/bridge-nf-call-iptables
contains 1. No need for brouting.

cheers,
Bart


-- 
Bart De Schuymer
www.artinalgorithms.be
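
The check described in the reply, as an added example that is not part of the original thread: it reads the bridge-nf-call-iptables switch and prints (does not run) the commands needed before the iptables layer7 rule quoted above will see bridged traffic. The function names and the `BRIDGE_NF` variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Prints a plan; nothing is changed.

# Path named in the reply; overridable so the logic can be tried on a copy.
BRIDGE_NF="${BRIDGE_NF:-/proc/sys/net/bridge/bridge-nf-call-iptables}"

# bridge_nf_state FILE -> prints enabled | disabled | missing | unknown
bridge_nf_state() {
    f="${1:-$BRIDGE_NF}"
    if [ ! -r "$f" ]; then
        echo missing
        return 0
    fi
    v=$(cat "$f" 2>/dev/null)
    case "$v" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# l7_mark_plan FILE PROTO MARK -> prints the commands to run as root.
# Returns 2 on bad arguments, 1 if the switch cannot be read.
l7_mark_plan() {
    f="$1"; proto="$2"; mark="$3"
    # The output is meant for a root shell, so accept only a plain
    # protocol name and a decimal mark.
    case "$proto" in
        ''|*[!A-Za-z0-9_-]*) echo "bad protocol name" >&2; return 2 ;;
    esac
    case "$mark" in
        ''|*[!0-9]*) echo "bad mark value" >&2; return 2 ;;
    esac
    case "$(bridge_nf_state "$f")" in
        enabled) ;;                       # bridged IP traffic already hits iptables
        disabled) echo "echo 1 > $f" ;;   # the step the reply asks for
        *) echo "cannot read a 0/1 value from $f" >&2; return 1 ;;
    esac
    # Rule as quoted in the original message, with protocol and mark filled in.
    echo "iptables -t filter -A FORWARD -m layer7 --l7proto $proto -j MARK --set-mark $mark"
}

l7_mark_plan "$BRIDGE_NF" edonkey 3 || echo "no plan printed, see error above" >&2
```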