-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello Stéphane, You need to use ebtables to get arp messages. iptables and ip6tables only get IP and IPv6 traffic. Mit freundlichen Grüßen/Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 14.02.2015 um 19:54 schrieb Stéphane Charette: > Is it possible to bind multiple address families in netfilter queue? > I see IPv4 show up in my queue, but not ARP. With error code removed, > here is how I'm calling nfq_bind: > > netfilterqueue_handle = nfq_open(); > netfilterqueue_queue = nfq_create_queue( netfilterqueue_handle, 0, > &q_callback, this ); > nfq_bind_pf( netfilterqueue_handle, AF_INET ); > nfq_bind_pf( netfilterqueue_handle, NF_ARP ); > > I'm thinking the more likely possibility is the iptable rules I'm > using to send traffic to the queue are too restrictive. Here are the > rules I have: > > # Generated by iptables-save v1.4.21 on Sat Feb 14 10:40:46 2015 > *nat > :PREROUTING ACCEPT [161:14105] > :INPUT ACCEPT [56:4995] > :OUTPUT ACCEPT [56:4496] > :POSTROUTING ACCEPT [56:4496] > -A POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE > COMMIT > # Completed on Sat Feb 14 10:40:46 2015 > # Generated by iptables-save v1.4.21 on Sat Feb 14 10:40:46 2015 > *filter > :INPUT ACCEPT [1017:217421] > :FORWARD DROP [53:2307] > :OUTPUT ACCEPT [934:211104] > :MYRA - [0:0] > -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j MYRA > -A FORWARD -s 10.0.1.0/24 -o eth0 -m conntrack --ctstate NEW -j MYRA > -A MYRA -j NFQUEUE --queue-num 0 --queue-bypass > COMMIT > # Completed on Sat Feb 14 10:40:46 2015 > > Do I have to add another FORWARD line to get ARP to jump to MYRA? > What would it look like? > > Thanks in advance. > > Stéphane Charette > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJU3558AAoJEDg5KY9j7GZY6ZUP/R1uyq5YGpNnnP7978/2R58c Nv8DLoTu8kOIRQye6IxfFiHDWHoSL3y+kclalhpbOqpkbqUWXDtV6/dr+oTFTPDN y9AbrtQyRIisGtceGRSibOlYx5J6hEYrg9vNlr7U0Jxx+a4q+GO02MxfFjBLnKNI qsVjRDnFPzwfmmmIFdZgychUA+TWYivciWi6bgYZ8aDaaxgsj6ff33NKmhNvoCjN 7+1ReL/W6b7O9w6awGZnkJ/HQ9QCZIouRrDtwBpn6nOiCDhTbFNDRbcJo9LnsuVG rNfLPaEqslcm/QS1m21dE7p66uRHyQhFbJcH9Ch8uM8i+Mx3sJGR+AWGn9clB06U hYp9+LHgUKvVuiW0Y+Ak/VYdmoF9AR3ZgJ8BT1Xmk7/dXg4s6+CamYCjG3MJ/qCy O6LKzXi7npFSAapRuL/P89IlEDTAMllBnzgs/IleOD6sx22435vjwDyc4WUI6ZuM PA+BQchXvwcS1KGm1exwC0t2vzX8Uucp1hgUyqo1FsWBTz3OhLQtsAoJckuedN35 Bo3b3fQmI/L48tqlohuna8DIfrpPPMnzkD+/7AekN71zLAHmXW95xFEeFztw0sPQ pX9Tb5hJ8N2U8v/YDKmpRIpkg3Z7CPhHSeNHykoocNy+OAPNYunXhJYac3ps8X5z SfkmUr7v3dr8nf4RgJGs =BNeU -----END PGP SIGNATURE----- -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
