I have found the solution, I must use AF_BRIDGE address family instead of AF_INET Thanks anyway :) On 11 August 2010 16:56, Angel Inkov <bl8cki@xxxxxxxxx> wrote: > Hello, > > I have compiled libnetfilter_log (make; make check) and from there I'm > using nfulnl_test utility with little modification to bind > on group 1 (qh = nflog_bind_group(h, 1)), which as I understand dumps > some information for arriving packets. > > After that with rule such: > > 'iptables -t filter -A OUTPUT -p IP -d 192.168.1.1 -j NFLOG --nflog-group 1' > > I successfully see packet information with nfulnl_test when execute > 'ping 192.168.1.1' > > When I want to do the same thing with ebtables with rule: > > 'ebtables -t filter -A OUTPUT -p IP --ip-dst 192.168.1.1 --nflog-group > 1 -j ACCEPT' > > I can not see anything. When I check if the rule is matching with > 'ebtables -L --Lc' everything seems ok, > counters increment. > > Am I missing something? > > Is there some other way I can check if ebtables nflog functionality is > working properly? > Maybe the problem is in nfulnl_test utility, which works only for iptables? > > Thanks for your help! > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
