[firewall context] packet presentation for dual WAN interfaces on the same link - eth <> pppoe?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: [firewall context] packet presentation for dual WAN interfaces on the same link - eth <> pppoe?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Date: Sat, 8 Feb 2020 16:03:53 +0000
- Reply-to: vtol@xxxxxxx
- User-agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
With a subscriber line where the ISP has implemented PPPoE there are two
WAN interfaces present in the CPE's network stack:
* ethX
* PPPoE-X
It seems that each interface is treated separately (netdev), as opposed
to collaboratively, and require in firewall context separate rules
(duplicated) for each interface - is that a correct assumption?
Asking because noticed that with a global drop rule and certain packet
types specifically accepted on ethX the same packets are then being
dropped on PPPoE-X.
In which interface order are the packets presented for inspection to
netfilter - fist on ethX and then again on PPPoE-x or vice versa?
And whatever the order - is it the same on egress as it is on ingress or
is the order inverted with opposite flow direction?
[Index of Archives]
[Linux Netfilter Development]
[Linux Kernel Networking Development]
[Netem]
[Berkeley Packet Filter]
[Linux Kernel Development]
[Advanced Routing & Traffice Control]
[Bugtraq]