Hello,

I have the following topology (where BR1 is a Linux bridge):

                          BR1
+--------+              +-----+          +--------+
|        |   STP+TC     |     |          |        |
| Cisco  | ----->   eth1|-->X |eth2      | Cisco  |
| Switch +--------------+     +----------+ Switch |
|        |   ----->     | --> |  ----->  |        |
+--------+     STP      +-----+   STP    +--------+

and I want to block propagation of config STP frames only when their
topology-change (TC) bit is set to 1, while allowing other STP frames
to pass.

If I understand correctly, I should use the following rule on BR1:

# ebtables -A FORWARD -i eth1 -d BGA --stp-flags 1 -j DROP

but it does NOT seem to work: the tcpdump output on eth2 still shows
STP config messages with the TC bit. Moreover, even the rule counters
never change:

# ebtables -L --Ln --Lc
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 1, policy: ACCEPT
1. -d BGA -i eth1 --stp-flags topology-change -j DROP , pcnt = 0 -- bcnt = 0

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

always showing pcnt = 0 -- bcnt = 0.

Could somebody point out where I am going wrong?

Thanks in advance,
Maksim.