I'm sorry, but that didn't parse. I won't, what? Skb's? Bob McDowell Network/Security Engineer Cox HealthPlans -----Original Message----- From: Nikolay S. [mailto:nowhere@xxxxxxxxxxxxxxxx] Sent: Tuesday, June 07, 2011 9:24 AM To: Bob McDowell Cc: netfilter@xxxxxxxxxxxxxxx Subject: RE: ipv6 link local address Ð ÐÑÑ, 07/06/2011 Ð 12:44 +0000, bmcdowell@xxxxxxxxxxxxxxxxxx ÐÐÑÐÑ: > Please understand that I do want to be able to use ip6tables to filter forwarded traffic. I just do not want the interfaces speaking to anyone while they're doing their job. > > Perhaps this example can explain it better than I have: http://www.sjdjweis.com/linux/bridging/ > > > Thanks again. > You won't. skb's are passed to ip6tables from bridge based on ipv6- header, not the state of the protocol on slave device. And bridge itself does not filter incoming frames by L3-header. > > Bob McDowell > Network/Security Engineer > Cox HealthPlans > > > -----Original Message----- > From: Nikolay S. [mailto:nowhere@xxxxxxxxxxxxxxxx] > Sent: Tuesday, June 07, 2011 1:44 AM > To: Bob McDowell > Cc: netfilter@xxxxxxxxxxxxxxx > Subject: Re: ipv6 link local address > > > You can turn off ipv6 on interfaces. This should not prevent bridging > ipv6, but will remove any ipv6 logic from them. > > ÿô.nÇ·®+%˱é¥wÿº{.nÇ·§z××þ)íèjg¬±¨¶Ýjÿ¾«þG«é¸¢·¦j:+v¨wèm¶ÿþø®w¥þ࣢·hâÿÙ