On Friday 2010-12-17 05:00, Robert Pipca wrote:
>> If the above is fine to you, why would you even execute these two:
>
>Apart from trying to understand the correct usage of ebtables rules, I
>use it to _exclude_ IPs from a webproxy redirection.
>
>Something like:
>
>ebtables -t broute -A BROUTING -i eth1 -p ipv4 --ip-dst
>200.152.32.0/24 -j redirect --redirect-target ACCEPT
>ebtables -t broute -A BROUTING -i eth2 -p ipv4 --ip-src
>200.152.32.0/24 -j redirect --redirect-target ACCEPT

Odd combination of redirect with BROUTING. I am surprised ebtables even
allows the use of "redirect" outside its nat table.

>ebtables -t broute -A BROUTING -i eth1 -p ipv4 --ip-proto tcp
>--ip-dport 80 -j redirect --redirect-target DROP
>ebtables -t broute -A BROUTING -i eth2 -p ipv4 --ip-proto tcp
>--ip-sport 80 -j redirect --redirect-target DROP

Complete rulesets, please. Per ebtables-save. Otherwise it is impossible on
whether rules have any effect:

>But, like I said, it doesn't work as expected. The packets don't get
>"bridged" like when the policy applies.