On Sun, Feb 27, 2011 at 03:04:32PM +0000, Alex Bligh wrote:
> By default netfilter appears to apply iptables rules (specifically
> the FORWARD chain) to bridged packets. Is there a way to turn this
> off (i.e. only apply the FORWARD chain to routed packets, not
> bridged ones)? I seem to remember there is, but I can't for the
> life of me find the configuration setting.

I'm not sure if there is a runtime sysctl, but at compile time your
option is CONFIG_BRIDGE_NETFILTER.

If you don't want to compile a new kernel, you could put rules passing
bridge-only traffic at the top of FORWARD:

    -A FORWARD -i br0 -o br0 -j ACCEPT

for example.
-- 
Offlist mail to this address is discarded unless "/dev/rob0" or
"not-spam" is in Subject: header
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
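An added example, not part of the list post above, showing the two runtime options a practitioner would reach for on a kernel built with CONFIG_BRIDGE_NETFILTER: the bridge-netfilter sysctl net.bridge.bridge-nf-call-iptables (0 stops bridged frames from being passed to iptables at all; it lives under /proc/sys/net/bridge once the bridge netfilter code is loaded), and the early ACCEPT rule from the post, inserted with "-I FORWARD 1" so it is guaranteed to sit at the top even if FORWARD already has rules (a plain "-A" would append behind them). The bridge name br0 and the helper names are assumptions of this example. The script emits the plan as text and only applies it when run as root on a host that has the bridge sysctls, so it can be reviewed (or tested) without touching a live firewall.

```shell
#!/bin/sh
# Added example (not from the original post). Bridge name is assumed.
BRIDGE="${BRIDGE:-br0}"

# Emit the commands rather than running them, so the plan can be read
# or checked without root or a bridge present.
#   1. runtime knob: stop handing bridged frames to iptables (assumed
#      sysctl name net.bridge.bridge-nf-call-iptables)
#   2. fallback: accept same-bridge traffic first in FORWARD, using -I
#      so the rule lands at position 1 regardless of existing rules
bridge_bypass_plan() {
    br="$1"
    printf '%s\n' \
        "sysctl -w net.bridge.bridge-nf-call-iptables=0" \
        "iptables -I FORWARD 1 -i ${br} -o ${br} -j ACCEPT"
}

# Apply the plan only as root on a host exposing the bridge sysctls;
# otherwise print it to stderr. Returns 0 when applied, 1 when only shown.
bridge_bypass_apply() {
    br="$1"
    if [ "$(id -u)" -eq 0 ] && command -v iptables >/dev/null 2>&1 \
       && [ -d /proc/sys/net/bridge ]; then
        bridge_bypass_plan "$br" | sh -e
        return 0
    fi
    echo "dry run (not root, or bridge netfilter not loaded):" >&2
    bridge_bypass_plan "$br" >&2
    return 1
}

# Check afterwards: current value of the knob and the first FORWARD rule
# (the line after the chain policy in "iptables -S FORWARD").
bridge_bypass_check() {
    sysctl -n net.bridge.bridge-nf-call-iptables 2>/dev/null || echo "n/a"
    iptables -S FORWARD 2>/dev/null | sed -n '2p'
}

# Usage: uncomment to apply on a real host.
# bridge_bypass_apply "$BRIDGE" && bridge_bypass_check
```

Setting the sysctl is the cleaner of the two: with it at 0 bridged frames never enter the FORWARD chain, so no rule ordering has to be maintained. The ACCEPT rule is the fallback when the sysctl is unavailable, and it only works as intended while it stays at position 1.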