Sorry for my late answer, I thought I sent it but it was left in drafts folder
The ruleset is like that
root@device:~# ebtables -t broute -L
Bridge table: broute
Bridge chain: BROUTING, entries: 18, policy: DROP
-d fc:e3:3c:87:aa:3b -i eth0 -j ACCEPT
-d 33:33:ff:87:aa:3b -i eth0 -j ACCEPT
-p 0x88f7 -d Broadcast -i eth0 -j ACCEPT
-d fc:e3:3c:87:aa:3b -i eth0.16 -j ACCEPT
-d 33:33:ff:87:aa:3b -i eth0.16 -j ACCEPT
-p 0x88f7 -d Broadcast -i eth0.16 -j ACCEPT
-d fc:e3:3c:87:aa:3b -i eth1 -j ACCEPT
-d 33:33:ff:87:aa:3b -i eth1 -j ACCEPT
-p 0x88f7 -d Broadcast -i eth1 -j ACCEPT
-d fc:e3:3c:87:aa:3b -i eth1.16 -j ACCEPT
-d 33:33:ff:87:aa:3b -i eth1.16 -j ACCEPT
-p 0x88f7 -d Broadcast -i eth1.16 -j ACCEPT
-d fc:e3:3c:87:aa:3b -i eth2 -j ACCEPT
-d 33:33:ff:87:aa:3b -i eth2 -j ACCEPT
-p 0x88f7 -d Broadcast -i eth2 -j ACCEPT
-d fc:e3:3c:87:aa:3b -i eth2.16 -j ACCEPT
-d 33:33:ff:87:aa:3b -i eth2.16 -j ACCEPT
-p 0x88f7 -d Broadcast -i eth2.16 -j ACCEPT
root@device:~# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.fce33c87aa3b no eth0
eth0.16
eth1
eth1.16
eth2
eth2.16
On Tue, 20 Nov 2018 at 11:09, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> On Tue, Nov 20, 2018 at 10:42:42AM +0100, Sergey Venkov wrote:
> > > > I tried to set BROUTING-specific rules using both ntf and iptables
> > > > version of ebtables but didn't succeed.
> > >
> > > Right, this isn't implemented at the moment,
> > > this facility is very much bridge specific.
> > >
> > > What is your use case?
> > > It might help figure out how to implement this properly.
> >
> > The use case is brouter with DROP default policy and some ethertypes
> > and ipv6 addresses allowed to the bridge interface.
>
> Can you share with us an example ruleset of your setup?
>
> Thanks.
