[Fwd: RE: ipv6 link local address]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-------- ÐÐÑÐÑÑÐÐÐÐÐÐ ÑÐÐÐÑÐÐÐÐ --------
> ÐÑ: Nikolay S. <nowhere@xxxxxxxxxxxxxxxx>
> ÐÐÐÑ: bmcdowell@xxxxxxxxxxxxxxxxxx
> ÐÐÐÐÑ: netfilter@xxxxxxxxxxxxxxx
> ÐÐÐÐ: RE: ipv6 link local address
> ÐÐÑÐ: 	Tue, 07 Jun 2011 18:32:56 +0400
> 
> Ð ÐÑÑ, 07/06/2011 Ð 14:26 +0000, bmcdowell@xxxxxxxxxxxxxxxxxx ÐÐÑÐÑ:
> > I'm sorry, but that didn't parse.
> > 
> > I won't, what?
> > 
> > Skb's?
> 
> Ability to filter bridged frames with ip6tables :)

Sorry again :)
You will not loose ability to filter bridged frames with ip6tables.

> 
> > 
> > 
> > Bob McDowell
> > Network/Security Engineer 
> > Cox HealthPlans 
> > 
> > -----Original Message-----
> > From: Nikolay S. [mailto:nowhere@xxxxxxxxxxxxxxxx] 
> > Sent: Tuesday, June 07, 2011 9:24 AM
> > To: Bob McDowell
> > Cc: netfilter@xxxxxxxxxxxxxxx
> > Subject: RE: ipv6 link local address
> > 
> > Ð ÐÑÑ, 07/06/2011 Ð 12:44 +0000, bmcdowell@xxxxxxxxxxxxxxxxxx ÐÐÑÐÑ:
> > > Please understand that I do want to be able to use ip6tables to filter forwarded traffic.  I just do not want the interfaces speaking to anyone while they're doing their job.
> > > 
> > > Perhaps this example can explain it better than I have:  http://www.sjdjweis.com/linux/bridging/
> > > 
> > > 
> > > Thanks again.
> > > 
> > 
> > You won't. skb's are passed to ip6tables from bridge based on ipv6-
> > header, not the state of the protocol on slave device. And bridge itself
> > does not filter incoming frames by L3-header.
> > 
> > > 
> > > Bob McDowell
> > > Network/Security Engineer 
> > > Cox HealthPlans 
> > > 
> > > 
> > > -----Original Message-----
> > > From: Nikolay S. [mailto:nowhere@xxxxxxxxxxxxxxxx] 
> > > Sent: Tuesday, June 07, 2011 1:44 AM
> > > To: Bob McDowell
> > > Cc: netfilter@xxxxxxxxxxxxxxx
> > > Subject: Re: ipv6 link local address
> > > 
> > > 
> > > You can turn off ipv6 on interfaces. This should not prevent bridging
> > > ipv6, but will remove any ipv6 logic from them.
> > > 
> > > 
> > 
> > 
> 
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html


--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux