Would the following work?

ebtables -A INPUT -i eth0.10 -o eth1 -j DROP   <-------- Block eth0.10 vlan from sending traffic to eth1
ebtables -A INPUT -i eth0.+ -o eth1 -j DROP    <-------- Block all vlans from sending traffic to eth1

On Fri, Oct 7, 2011 at 2:52 PM, Marek Kierdelewicz <marek@xxxxxxxxx> wrote:
> Hi,
>
>> I am thinking that the two interfaces on the Linux box will be bridged
>> (in transparent mode) and when traffic passes through the linux box
>> the vlan 802.1q tag can be removed and then the traffic goes to the
>> Is my thinking correct? Will this work? What all do I need to be
>> aware of and are there any current examples that point to what I am
>> trying to do??? I am very new to netfilter and ebtables (I found out
>> about it last night).
>
> Your idea should work.
>
> Let's assume that the "south" interface of the Linux bridge on your diagram is
> eth0 and "north" is eth1.
>
> You can bridge all eth0.X vlan interfaces and eth1 to a single bridge
> with stp off. You should probably filter traffic on that bridge
> and allow anything but eth0.x <-> eth1. It's also a good thing to set up the
> filtering ruleset before you start bridging (l'oops :).
>
> I've a similar solution working very well in a production environment. It
> involves providing pppoe on multiple vlans.
>
> If you need any more implementation details please feel free to ask on
> prv.
>
> Best regards,
> Marek Kierdelewicz

--
*--*--*--*--*--* Duane *--*--*--*--*--*
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
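As an added example that is not part of the thread (neither Duane's nor Marek's code), here is a POSIX shell script that emits, or with APPLY=1 executes as root, the ebtables and iproute2 commands for the setup Marek describes: every eth0.X VLAN sub-interface and eth1 enslaved to one bridge with STP off, with the filter rules installed before the bridge exists. It assumes the bridge is named br0, that eth0 is the tagged "south" trunk and eth1 the untagged "north" side, and that the VLAN IDs are passed as arguments; all of those are assumptions, not details from the thread. One point about the rules in the question: a frame bridged from one port to another traverses the FORWARD chain of the ebtables filter table, not INPUT. INPUT only sees frames addressed to the bridge box itself and does not take -o, so the eth0.X <-> eth1 block belongs in FORWARD. The "+" suffix wildcard does match every eth0.<id> port, so one rule pair covers all VLANs.

```shell
#!/bin/sh
# Added example, not from the netfilter thread.  Bridges eth0.<vlan> sub-interfaces
# and eth1 into one STP-less bridge and blocks eth0.<vlan> <-> eth1 with ebtables.
# Assumptions: bridge name br0, VLAN IDs given as arguments, iproute2 and ebtables present.
set -eu

SOUTH="${SOUTH:-eth0}"   # trunk carrying the 802.1Q tagged VLANs (assumed name)
NORTH="${NORTH:-eth1}"   # untagged side (assumed name)
BR="${BR:-br0}"          # assumed bridge name

# Emit the ebtables rules.  Bridged frames traverse the FORWARD chain of the
# filter table; INPUT is for frames addressed to the box itself and does not
# accept -o.  "eth0.+" is ebtables' suffix wildcard: it matches eth0.10, eth0.20, ...
# Everything else (eth0.X <-> eth0.Y) stays allowed by the ACCEPT policy.
isolation_rules() {
    printf 'ebtables -P FORWARD ACCEPT\n'
    printf 'ebtables -A FORWARD -i %s.+ -o %s -j DROP\n' "$SOUTH" "$NORTH"
    printf 'ebtables -A FORWARD -i %s -o %s.+ -j DROP\n' "$NORTH" "$SOUTH"
}

# Emit the full command sequence: filter rules first, then the VLAN
# sub-interfaces, then the bridge (STP off) with all ports enslaved.
# Creating the bridge last avoids a window in which frames are forwarded
# between eth0.X and eth1 with no filter in place.
setup_commands() {
    isolation_rules
    for vid in "$@"; do
        printf 'ip link add link %s name %s.%s type vlan id %s\n' "$SOUTH" "$SOUTH" "$vid" "$vid"
        printf 'ip link set %s.%s up\n' "$SOUTH" "$vid"
    done
    printf 'ip link add name %s type bridge stp_state 0\n' "$BR"
    for vid in "$@"; do
        printf 'ip link set %s.%s master %s\n' "$SOUTH" "$vid" "$BR"
    done
    printf 'ip link set %s master %s\n' "$NORTH" "$BR"
    printf 'ip link set %s up\n' "$BR"
}

# Usage:  sh bridge-vlans.sh 10 20 30        (prints the commands, dry run)
#         APPLY=1 sh bridge-vlans.sh 10 20 30 (runs them; needs root)
if [ "$#" -gt 0 ]; then
    if [ "${APPLY:-0}" = 1 ]; then
        setup_commands "$@" | sh -e
    else
        setup_commands "$@"
    fi
fi
```

Run it once without APPLY to review the exact commands before they touch a production bridge; the dry-run output is also what you would paste into an interface hook or init script.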