Hello,

Dan Osawa wrote:
>
> iptables -A OUTPUT -p udp --dport 7000 -m physdev --physdev-out eth0 -j DROP
>
> Doing the above results in an error: *xt_physdev: using --physdev-out
> in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic
> is not supported anymore.*

Weird message. I wonder how bridged traffic could ever reach the OUTPUT chain...

> So I tried the following:
>
> iptables -F
>
> iptables -A OUTPUT -p udp --dport 7000 -m physdev --physdev-out eth0
> --physdev-is-bridged -j DROP
>
> The above doesn't fail, but also doesn't suppress the packets.
>
> Any suggestions? Am I way off in thinking that iptables can do this?
> Do I need to use ebtables instead?

Yes. At the time iptables handles the packet, the output port is not known yet.
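The ebtables form of the rule the question is after, as an added example that is not part of the original thread. It assumes eth0 is a member port of a Linux bridge (interface names are assumed, as is the bridge setup) and puts the match in the bridge-layer OUTPUT chain, where `-o` names the physical port the frame is about to leave through. The rule is only applied when run as root with ebtables installed; otherwise the script just shows the command it would run.

```shell
#!/bin/sh
# Added example, not code from the original thread. Drops UDP datagrams to
# port 7000 that leave the bridge through port eth0 (assumed name) by matching
# in ebtables' OUTPUT chain instead of iptables' physdev match.

PORT="${PORT:-eth0}"     # physical bridge port (assumed name)
DPORT="${DPORT:-7000}"   # UDP destination port from the thread

# Build the rule as a string so it can be inspected without being applied.
# In the bridge-layer OUTPUT chain, -o matches the bridge port selected for
# the frame, which is exactly what iptables' --physdev-out cannot see in its
# own OUTPUT chain because the port has not been chosen yet at that point.
ebtables_rule() {
    printf 'ebtables -t filter -A OUTPUT -p IPv4 --ip-proto udp --ip-dport %s -o %s -j DROP' "$2" "$1"
}

# Return 0 if the device is currently enslaved to a bridge, 1 otherwise.
# The kernel creates /sys/class/net/<dev>/brport for bridge members only.
is_bridge_port() {
    [ -d "/sys/class/net/$1/brport" ]
}

# Apply the rule only when it can actually take effect.
apply_rule() {
    if ! is_bridge_port "$PORT"; then
        echo "$PORT is not a bridge port; a rule with -o $PORT would never match" >&2
        return 1
    fi
    if ! command -v ebtables >/dev/null 2>&1 || [ "$(id -u)" -ne 0 ]; then
        echo "need root and ebtables to apply: $(ebtables_rule "$PORT" "$DPORT")" >&2
        return 1
    fi
    eval "$(ebtables_rule "$PORT" "$DPORT")"
}

case "${1:-show}" in
    apply) apply_rule ;;
    *) ebtables_rule "$PORT" "$DPORT"; echo ;;
esac
```

Run it with `apply` as root to install the rule, or without arguments to print it. The OUTPUT chain covers frames generated by the host itself; if the traffic to be blocked is bridged in from another port rather than generated locally, the same match belongs in ebtables' FORWARD chain instead. Note that both `--ip-proto` and `--ip-dport` are the short aliases of `--ip-protocol` and `--ip-destination-port`.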