On Thursday 2010-08-19 00:15, Jonathan Tripathy wrote:
>
>>> Incidentally, would using ebtables rules prevent the bridge from going into
>>> "dumb hub" mode? Like let's say I said that "all traffic leaving this
>>> interface must have this destination MAC address".
>>
>> No, EBTables will not prevent a bridge from having to go through the learning
>> process. EBTables might filter out the frame so that it doesn't (fully)
>> traverse the bridge, but it will not educate the MAC table.
>>
>> Remember that the bridge will behave just like any switch would that multiple
>> servers are plugged in to.
>>
> Sorry, I used a bad choice of words - Would ebtables stop the frame reaching
> the remote host (VM in my case) is what I meant to say :)

No. The two bridges are not connected to another in the first place, so
the only way for a packet to come in on br0 and go out on br1 is routing,
for which iptables is needed to filter.