Ð ÐÑÑ, 07/06/2011 Ð 12:44 +0000, bmcdowell@xxxxxxxxxxxxxxxxxx ÐÐÑÐÑ: > Please understand that I do want to be able to use ip6tables to filter forwarded traffic. I just do not want the interfaces speaking to anyone while they're doing their job. > > Perhaps this example can explain it better than I have: http://www.sjdjweis.com/linux/bridging/ > > > Thanks again. > You won't. skb's are passed to ip6tables from bridge based on ipv6- header, not the state of the protocol on slave device. And bridge itself does not filter incoming frames by L3-header. > > Bob McDowell > Network/Security Engineer > Cox HealthPlans > > > -----Original Message----- > From: Nikolay S. [mailto:nowhere@xxxxxxxxxxxxxxxx] > Sent: Tuesday, June 07, 2011 1:44 AM > To: Bob McDowell > Cc: netfilter@xxxxxxxxxxxxxxx > Subject: Re: ipv6 link local address > > > You can turn off ipv6 on interfaces. This should not prevent bridging > ipv6, but will remove any ipv6 logic from them. > > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
