Hi All,

I tried using arptables on a Linux internet gateway to filter out packets that have the source MAC address of the internet-connected interface but not its IP address (see below). I didn't get any hits, although I know there were packets matching the rule. The same rule in the OUTPUT chain works as expected (by me at least). Is there something else I need to do to use the FORWARD chain? I'm running kernel 2.6.32.

arptables -I FORWARD 1 -o eth0.164 --source-mac 00:24:E6:00:00:3E -s ! 25.34.56.78 -j DROP
arptables -I OUTPUT 1 -o eth0.164 --source-mac 00:24:E6:00:00:3E -s ! 25.34.56.78 -j DROP