Re: ebtables ACCEPT policy vs ACCEPT target

Hi Mr. Engelhardt,

2010/12/29 Jan Engelhardt <jengelh@xxxxxxxxxx>:
> ebtables -t broute (...condition for "this network"...) -j ACCEPT
> ebtables -t broute -p tcp --dport 80 -j DROP
> ebtables -t broute -j ACCEPT

Right, but here is the possible bug I mentioned in the original email: this
doesn't work as expected.

On a test-network 192.168.0.0/24, on the bridge machine I do:

ip route add 192.168.0.100 via 192.168.0.20 dev br0

With 192.168.0.20 being just some bogus route, if I do "ebtables -t broute
-F", which is "apply ACCEPT on all packets", the client 192.168.0.100
browses just fine.

If I do what you just did, the machine stops browsing (i.e., that bogus
route is used)...which is not supposed to happen, right?

I tested this on kernel 2.6.31.14, 2.6.32.27, 2.6.34.7 and
2.6.36.2...with the latest ebtables version. Same result.

Do you see this as expected behaviour? Or is it a bug?

Cheers,

- Robert