On 12 March 2015 at 13:02, Stuart Shelton <srcshelton@xxxxxxxxx> wrote: > >> On 12 Mar 2015, at 11:24, Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx> wrote: >> >>> On 12 March 2015 at 01:11, Stuart Shelton <srcshelton@xxxxxxxxx> wrote: >>> >>> Right - I think I’ve fixed all of these… >> >> (Unrelated) >> >> Would give a try to nftables? It would be interesting for us to see >> how could you emulate the ebtables among extension with native >> nftables mechanisms. > > Good point - I want to be able to filter on both source and destination MAC addresses (for outbound and inbound traffic - and iptables can only handle source filtering), and using ebtables does require that I create single-interface bridges in order for it to take effect. > > nftables could be a much better solution, so long as its capabilities extend beyond what iptables offers. I'll look into it! > Great! Please, share your experience when you're done. best regards. -- Arturo Borrero González -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
