Jamie Cockburn wrote:
>
> Couple of follow-up questions then!

All the answers (and much more) are in the ebtables manpage.

> 1: Do you know if by the time it reaches ebtables -> filter -> output that the packet will have a PHYSOUT (or equivalent) set?

Yes. See man ebtables, -o.

> 2: Will I be able to differentiate between packets for eth0 and eth1 (when the bridge doesn't know which specific interface it should send it on)?

Yes. The bridge knows where it sends packets.

> 3: I'm guessing that by the time the packet hits ebtables -> filter -> output, that it will have lost its IN/PHYSIN?

Yes. See man ebtables, -i.

> 4: If that is the case, would something like this work:
> - In iptables -> filter: -A FORWARD -i eth2 -o br0 -j MARK --set-mark 1234
> - In ebtables -> filter: -A OUTPUT -physdev-out eth0 --m mark --mark 1234 -j DROP

Yes. See man ebtables, mark.