On Tuesday 2011-06-07 22:14, Maximilian Wilhelm wrote:
>The bridge-nf-hooks are disabled via sysctl:
>
>net.bridge.bridge-nf-call-arptables = 0
>net.bridge.bridge-nf-call-iptables = 0
>net.bridge.bridge-nf-call-ip6tables = 0

I suspect that is your problem. Disabling nf-call would seem to not run
the NF_IP6_PRI_CONNTRACK hook, and as such not track particular
connections/packets delivered over a bridge. (Thus, all those pkts
are classified as INVALID.)