On 08/02/2020 16:03, ѽ҉ᶬḳ℠ wrote:
With a subscriber line where the ISP has implemented PPPoE there are
two WAN interfaces present in the CPE's network stack:
* ethX
* PPPoE-X
It seems that each interface is treated separately (netdev), as
opposed to collaboratively, and requires in firewall context separate
rules (duplicated) for each interface - is that a correct assumption?
Asking because noticed that with a global drop rule and certain packet
types specifically accepted on ethX the same packets are then being
dropped on PPPoE-X.
In which interface order are the packets presented for inspection to
netfilter - first on ethX and then again on PPPoE-X or vice versa?
And whatever the order - is it the same on egress as it is on ingress
or is the order inverted with opposite flow direction?
With only PPPoE-X in the FIB that sorts it then. ethX still a good place
to drop undesired traffic earlier with the netdev family.
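
The split discussed in this thread, written out as an nftables ruleset. This is an added example, not part of the original messages. The device names `eth1` and `pppoe-wan` stand in for ethX and PPPoE-X, and the table names, chain names and accepted traffic are assumptions.

```nft
# Added example. Assumed names: eth1 = ethX, pppoe-wan = PPPoE-X.

# Layer 2: the netdev ingress hook sees raw frames on the Ethernet device.
# On a PPPoE line these are PPPoE frames, not IP, so IP matches placed
# here do not apply to the tunnelled traffic.
table netdev wan_l2 {
    chain ingress {
        type filter hook ingress device "eth1" priority -500; policy accept;

        # PPPoE discovery (0x8863) and session (0x8864) continue up the stack.
        ether type { 0x8863, 0x8864 } accept

        # Anything else on the wire is dropped early and counted. Relax this
        # if the modem's management address is reached over eth1.
        counter drop
    }
}

# Layer 3: after PPP decapsulation the inner packet is evaluated again,
# now with iifname "pppoe-wan". An accept in the netdev chain above only
# lets the frame continue; it is not a verdict for this chain, so the
# rules for the inner traffic belong here.
table inet wan_l3 {
    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept

        # Interfaces other than the PPPoE link are not filtered here.
        iifname != "pppoe-wan" accept

        iifname "pppoe-wan" icmp type echo-request limit rate 5/second accept
        iifname "pppoe-wan" icmpv6 type { nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
    }
}
```

The file can be syntax-checked without loading it using `nft -c -f <file>`.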