Hi all,

I need help with a drop rule and nfqueue.

Currently I have this filter rule, which sends all traffic from the bridge br0 to nfqueue (IPS system):

-A FORWARD -i br0 -j NFQUEUE --queue-balance 0:3 --queue-bypass

But I want to send only certain traffic there, for example:

-A FORWARD -i br0 -p udp -j NFQUEUE --queue-balance 0:3 --queue-bypass
-A FORWARD -i br0 -p icmp -j NFQUEUE --queue-balance 0:3 --queue-bypass
-A FORWARD ! -s 192.168.1.43/32 -i br0 -p tcp -m multiport ! --ports 80,443 -j NFQUEUE --queue-balance 0:3 --queue-bypass

This will not work 100%. With these filter rules not all traffic goes to the nfqueue.

Therefore my question: how can I prevent an IP address (example 192.168.1.43) to certain ports (80,443) from coming to nfqueue? It is important that no traffic in br0 is lost.

Thanks for any help here.

Stefan
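
Added example, not part of Stefan's post: a small Python model of first-match rule evaluation that shows which packets the three posted rules leave unqueued, beside an assumed alternative that exempts 192.168.1.43 on ports 80,443 with an ACCEPT rule placed before the original catch-all NFQUEUE rule. The sample packets, the ACCEPT target and all names in the code are assumptions made for illustration.

```python
# Added illustration: a first-match model of the FORWARD chain, not iptables itself.
from dataclasses import dataclass

EXEMPT_SRC = "192.168.1.43"  # address from the post
EXEMPT_PORTS = {80, 443}     # ports from the post

@dataclass(frozen=True)
class Pkt:
    proto: str
    src: str
    sport: int = 0
    dport: int = 0

def on_ports(p):
    # multiport --ports matches when the source OR destination port is listed
    return p.sport in EXEMPT_PORTS or p.dport in EXEMPT_PORTS

# A rule is (match, target); all conditions inside one rule are ANDed.
POSTED = [
    (lambda p: p.proto == "udp", "NFQUEUE"),
    (lambda p: p.proto == "icmp", "NFQUEUE"),
    # "! -s" AND "! --ports": both negations must hold at the same time
    (lambda p: p.proto == "tcp" and p.src != EXEMPT_SRC and not on_ports(p), "NFQUEUE"),
]
# Assumed alternative: match the exemption positively and ACCEPT it first,
# then keep the original catch-all NFQUEUE rule for everything else.
EXEMPT_FIRST = [
    (lambda p: p.proto == "tcp" and p.src == EXEMPT_SRC and on_ports(p), "ACCEPT"),
    (lambda p: True, "NFQUEUE"),
]
SAMPLES = {  # constructed packets, all arriving on br0
    "other host, tcp/443": Pkt("tcp", "192.168.1.50", 40000, 443),
    "exempt host, tcp/22": Pkt("tcp", "192.168.1.43", 40001, 22),
    "exempt host, tcp/80": Pkt("tcp", "192.168.1.43", 40002, 80),
    "other host, tcp/22": Pkt("tcp", "192.168.1.50", 40003, 22),
    "exempt host, udp/53": Pkt("udp", "192.168.1.43", 40004, 53),
    "other host, gre": Pkt("gre", "192.168.1.50"),
}

def verdict(rules, pkt):
    # The first matching rule decides; otherwise the chain policy applies.
    return next((t for match, t in rules if match(pkt)), "POLICY")

def compare():
    return {n: (verdict(POSTED, p), verdict(EXEMPT_FIRST, p)) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (posted, alt) in compare().items():
        print(f"{name:22} posted={posted:8} exempt-first={alt}")
```

POLICY in the first column marks packets that fall through the posted rules and never reach the queue: the third rule needs both negations to hold at once, and protocols other than udp, icmp and tcp match none of the three.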