Hi,
I would like to use nftables instead of {eb,ip,ip6,arp}tables on my router,
but I'm not sure it's possible to do a "trick" ebtables can do with the
BROUTING hook. I did a search engine query for "nftables BROUTING" but not
much came up that deals with the problem. I also tried to translate the
ebtables rule to nftables but that didn't work either. What I'm trying to
do with nftables is to drop all non IPv6 traffic to the underlying bridged
interfaces. With ebtables you can do:
ebtables -t broute -A BROUTING -p ! ipv6 -j DROP
The non-IPv6 traffic won't be really discarded but will be routed to the
underlying interfaces. This allows to have NAT'ed IPv4 as usual and a
bridge for IPv6. No need for hacks to proxy NDP traffic from the upstream
ISP router with this setup. nftables doesn't seem to be able to use the
BROUTING hook. But perhaps there's another way to achieve the same thing?
Regards,
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
