migration of ebtables arp rule to nftables

Hi guys,

I'd like to move to nftables (Ubuntu trusty, kernel 3.19). So far it works quite well, however I wonder how to migrate
these ebtables rules:

-p ARP --arp-op Request --arp-ip-dst 192.168.178.237 -j ACCEPT
-p ARP --arp-op Reply --arp-ip-dst 192.168.178.237 -j ACCEPT
-j DROP

-p ARP --arp-op Request --arp-ip-src 192.168.178.237 --arp-mac-src 2:fb:c5:e0:ef:a3 -j ACCEPT
-p ARP --arp-op Reply --arp-ip-src 192.168.178.237 --arp-mac-src 2:fb:c5:e0:ef:a3 -j ACCEPT
-j DROP

They are used to prevent ARP spoofing of qemu guests using tap devices on the host. The rule "nft add rule bridge filter
qemu1-o arp operation request counter accept" works, however I have no idea how to add the ip/mac constraints to the rule.

Thanks for any help. :)

Cheers
Corin
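
Added example, not part of the original post: a shell helper that prints nft commands mirroring the ebtables rules quoted above, using nft's `arp daddr ip`, `arp saddr ip` and `arp saddr ether` selectors. It assumes an nftables release that supports those selectors in the bridge family; the chain names `to-guest` and `from-guest` are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: emit nft rules equivalent to the ebtables ARP filter in the post.
# Assumption: the installed nft understands "arp saddr ip|ether" and "arp daddr ip".

# norm_mac MAC: print the MAC zero-padded and lowercase; fail if malformed.
norm_mac() {
    case "$1" in ''|*[!0-9A-Fa-f:]*|:*|*:) return 1 ;; esac
    old_ifs=$IFS; IFS=:; set -- $1; IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    padded=
    for o in "$@"; do
        case ${#o} in
            1) o="0$o" ;;   # ebtables prints 2:fb:..., write it as 02:fb:...
            2) ;;
            *) return 1 ;;
        esac
        padded="${padded:+$padded:}$o"
    done
    printf '%s\n' "$padded" | tr 'A-F' 'a-f'
}

# valid_ip4 ADDR: succeed only for a dotted quad with octets 0..255.
valid_ip4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# arp_guard_rules TO_CHAIN FROM_CHAIN GUEST_IP GUEST_MAC
# TO_CHAIN sees frames headed to the guest, FROM_CHAIN frames sent by it.
arp_guard_rules() {
    to_chain=$1 from_chain=$2 ip=$3
    valid_ip4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    mac=$(norm_mac "$4") || { echo "bad MAC address: $4" >&2; return 1; }
    for op in request reply; do   # ARP for the guest's IP only
        echo "nft add rule bridge filter $to_chain arp operation $op arp daddr ip $ip counter accept"
    done
    echo "nft add rule bridge filter $to_chain counter drop"
    for op in request reply; do   # guest may only claim its own IP and MAC
        echo "nft add rule bridge filter $from_chain arp operation $op arp saddr ip $ip arp saddr ether $mac counter accept"
    done
    echo "nft add rule bridge filter $from_chain counter drop"
}

# Values from the post; chain names are constructed placeholders.
arp_guard_rules to-guest from-guest 192.168.178.237 2:fb:c5:e0:ef:a3
```

The script only prints the commands, so they can be reviewed before being run on the host. As in the ebtables version, the final drop in each chain discards everything that is not a matching ARP frame.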


