On Tuesday 2011-06-07 16:23, Nikolay S. wrote: >Ð ÐÑÑ, 07/06/2011 Ð 12:44 +0000, bmcdowell@xxxxxxxxxxxxxxxxxx ÐÐÑÐÑ: >> Please understand that I do want to be able to use ip6tables to filter forwarded traffic. I just do not want the interfaces speaking to anyone while they're doing their job. >> >> Perhaps this example can explain it better than I have: http://www.sjdjweis.com/linux/bridging/ >> >> >> Thanks again. >> > >You won't. skb's are passed to ip6tables from bridge based on ipv6- >header, not the state of the protocol on slave device. And bridge itself >does not filter incoming frames by L3-header. Usually does not, but can (ebtables --ip6-source ...). -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
