Hi Mr. Engelhardt,

2010/12/29 Jan Engelhardt <jengelh@xxxxxxxxxx>:
> ebtables -t broute (...condition for "this network"...) -j ACCEPT
> ebtables -t broute -p tcp --dport 80 -j DROP
> ebtables -t broute -j ACCEPT

Right, but now is the possible bug I told on the original email: This doesn't work as expected.

On a test-network 192.168.0.0/24, on the bridge machine I do:

ip route add 192.168.0.100 via 192.168.0.20 dev br0

Being 192.168.0.20 just some bogus route, if I do "ebtables -t broute -F", which is "apply ACCEPT on all packets", the client 192.168.0.100 browses just fine. If I do what you just did, the machine stops browsing (i.e., that bogus route is used)...which is not supposed to happen, right?

I tested this on kernel 2.6.31.14, 2.6.32.27, 2.6.34.7 and 2.6.36.2...with the latest ebtables version. Same result.

Do you see this as expected behaviour? Or is it a bug?

Cheers,
- Robert