On Wednesday 2011-12-21 14:48, Steve Hill wrote:
> On 21/12/11 13:30, Jan Engelhardt wrote:
>
>> Mark the packets leaving on brX with iptables, then use ebtables to check
>> for the physical interface plus the mark.
>
> At mark-time I wouldn't actually know where the packet is going, so wouldn't
> know what criteria to mark based on...

Yes you do know where it is going; the route is set on FORWARD/OUTPUT
(see nf-packet-flow.svg), therefore, you can mark, and as for the
bridge phys interface, it too will be set at one point, at which time
you can check the mark.
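
The two-stage approach described in the reply above, as an added example that is not part of the original message: iptables sets a mark where the routed output interface is already known, and ebtables later matches that mark together with the physical bridge port. The names `br0` and `eth1`, the mark value `0x1` and the `DROP` action are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: bridge br0, bridge
# port eth1, mark 0x1, and DROP as the action taken on a match.
BRIDGE="${BRIDGE:-br0}"
PORT="${PORT:-eth1}"
MARK="${MARK:-0x1}"

# Emit the rule set one command per line so it can be reviewed before use.
mark_rules() {
    # Stage 1 (IP layer): the routing decision has been made by the time a
    # packet reaches FORWARD (routed traffic) or OUTPUT (local traffic), so
    # "-o $BRIDGE" can be matched and the packet mark set.
    echo "iptables -t mangle -A FORWARD -o $BRIDGE -j MARK --set-mark $MARK"
    echo "iptables -t mangle -A OUTPUT -o $BRIDGE -j MARK --set-mark $MARK"
    # Stage 2 (bridge layer): once the bridge has picked the outgoing port,
    # ebtables OUTPUT sees the physical interface. The mark travels with the
    # packet, so port and mark can be checked in a single rule.
    echo "ebtables -A OUTPUT -o $PORT --mark $MARK -j DROP"
}

# Run each emitted command, stopping at the first failure (needs root).
apply_rules() {
    mark_rules | while read -r cmd; do
        $cmd || exit 1
    done
}

# Nothing is applied unless explicitly requested with APPLY=1.
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules
fi
```

Call `mark_rules` to review the generated commands; set `APPLY=1` to install them.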