Tomasz Chmielewski wrote:
> On 30.08.2010 20:14, Pascal Hambourg wrote:
>
>>> With these rules, I'm not able to communicate (i.e. ping) with other hosts in the same subnet, except the gateway (although this was the same with my previous rules, I think). I am not very experienced with ebtables, so maybe I missed something.

I quickly tested these rules with two hosts and they seemed to work as expected.

>> Of course these rules are just a part of the ruleset. Did you do the same for all other bridge ports and hosts in the subnet ?
>
> No, I did not.

Communication is two-way. The rules I suggested accept only one way. The other way depends on the rest of the rules.

> So even if it's blocked on one bridge, rogue MAC/IP can still "get outside" and interfere with other bridges/guests?

That would imply that the host is connected to multiple bridges. Of course each bridge is independent.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
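The point made above, that a per-port ingress filter only covers one direction and the reverse path is covered by the same kind of rule on every other bridge port, as an added illustration that is not part of the thread: the script below generates (prints, does not apply) an ebtables FORWARD ruleset for a constructed bridge with two guest ports and one uplink. Interface names, MAC addresses and IPs are constructed placeholders; the ARP and IPv4 match options used are standard ebtables matches.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an ebtables ruleset that binds
# each guest bridge port to one MAC/IP pair. Because every guest port gets
# the same ingress check, A->B is filtered on A's port and B->A on B's port,
# so both directions are covered without any egress (-o) rules.

# gen_port_rules IFACE MAC IP
# Ingress on one guest port: accept ARP and IPv4 only from the assigned pair.
# Anything else entering on that port falls through to the DROP policy.
gen_port_rules() {
    iface=$1; mac=$2; ip=$3
    printf 'ebtables -A FORWARD -i %s -s %s -p ARP --arp-mac-src %s --arp-ip-src %s -j ACCEPT\n' \
        "$iface" "$mac" "$mac" "$ip"
    printf 'ebtables -A FORWARD -i %s -s %s -p IPv4 --ip-src %s -j ACCEPT\n' \
        "$iface" "$mac" "$ip"
}

# gen_uplink_rules IFACE
# The uplink carries the gateway and every external host, so no single
# MAC/IP binding applies; it is accepted as-is (constructed assumption).
gen_uplink_rules() {
    printf 'ebtables -A FORWARD -i %s -j ACCEPT\n' "$1"
}

# gen_ruleset UPLINK < table   (table lines: IFACE MAC IP, constructed data)
gen_ruleset() {
    printf 'ebtables -P FORWARD DROP\n'
    gen_uplink_rules "$1"
    while read -r iface mac ip; do
        [ -n "$iface" ] && gen_port_rules "$iface" "$mac" "$ip"
    done
}

# Constructed sample bridge: two guest ports behind uplink eth0.
PORTS='vnet0 52:54:00:aa:bb:01 192.168.1.11
vnet1 52:54:00:aa:bb:02 192.168.1.12'

printf '%s\n' "$PORTS" | gen_ruleset eth0
```

Each guest port yields exactly two ACCEPT lines; the reverse direction for any pair of guests is provided by the other guest's lines, which is why omitting ports leaves one-way connectivity.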