Jonathan Tripathy wrote:
> On 24/08/10 15:44, Pascal Hambourg wrote:
>>
>> Jan's diagram pointed to by Karel Rericha explains paths in the IP layer
>> and the link layer. However bridge-netfilter (the capability to send
>> bridged packets through {ip,arp,ipv6}tables chains whereas they are not
>> processed by the IP stack) makes things a bit more complicated.
>
> I think what I am getting confused with is how am I able to use the
> FORWARD chain in iptables with my bridge setup, even though forwarding
> is disabled?

Because of netfilter-bridge, which allows passing bridged packets through
iptables chains. See the "link layer" part of the diagram, where bridging
takes place. This behaviour can be controlled by sysctls in
/proc/sys/net/bridge/ (see Documentation/networking/ip-sysctl.txt).
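
The sysctls mentioned in the reply above can be audited with a short script. This is an added example, not part of the original message: it reports whether bridged frames are handed to the iptables, ip6tables and arptables chains, alongside the `ip_forward` setting. The function names and the optional root-directory argument are assumptions of this example; the sysctl file names are the ones documented in ip-sysctl.txt.

```shell
#!/bin/sh
# Added example: audit the bridge-netfilter sysctls under /proc/sys/net/bridge/.

# read_flag FILE: print the sysctl value, or "absent" when the file does not
# exist (bridge-netfilter not loaded or not built into this kernel).
read_flag() {
    if [ -r "$1" ]; then
        tr -d ' \n' < "$1"
    else
        printf 'absent'
    fi
}

# bridge_nf_report [ROOT]: ROOT defaults to /proc/sys. Overriding it is a
# convenience of this example so the check can run against a copied tree.
bridge_nf_report() {
    root="${1:-/proc/sys}"
    for pair in iptables:IPv4 ip6tables:IPv6 arptables:ARP; do
        tool="${pair%%:*}"
        proto="${pair##*:}"
        val="$(read_flag "$root/net/bridge/bridge-nf-call-$tool")"
        case "$val" in
            1) state="bridged $proto traffic IS passed to $tool chains" ;;
            0) state="bridged $proto traffic bypasses $tool" ;;
            absent) state="sysctl absent (bridge-netfilter not loaded or not built)" ;;
            *) state="unexpected value '$val'" ;;
        esac
        printf '%s=%s: %s\n' "bridge-nf-call-$tool" "$val" "$state"
    done
    # ip_forward governs IP-layer routing only. Bridging happens in the link
    # layer, so FORWARD rules can match bridged packets even when this is 0.
    fwd="$(read_flag "$root/net/ipv4/ip_forward")"
    printf 'ip_forward=%s: IP routing only; bridging does not depend on it\n' "$fwd"
}

bridge_nf_report "$@"
```

A value of 1 for `bridge-nf-call-iptables` together with `ip_forward=0` is the situation asked about in the thread: the FORWARD chain filters bridged traffic although IP forwarding is disabled.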