On Thu, 03 Feb 2011 21:42:59 -0600 Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx> wrote: > Once the traffic is in side of a VLAN tag (on the raw device), filters > will not match the traffic the say way that it did. - Try applying > your filters to the VLAN sub-interface. > > This is because the traffic is no longer IP traffic in side of Ethernet > SNAP frames, but rather VLAN tagged frames that contain Ethernet SNAP > frames. Is that a way to use instead of "protocol ip" use something like "protocol 0x8100"?? What is the general form of "protocol ip" (if there is one)? Some "u32 match" perhaps?? Ethy -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
