Matthew Palmer wrote:
> > You need ebtables to manage bridge filtering, if I'm not mistaken.
>
Only if you want to do link layer filtering. iptables works fine on a bridge.

You can use pretty much any iptables script if you modify it to leave out the NAT rules and in the FORWARD chain replace -i/-o with -m physdev --physdev-in/physdev-out. If you use kernel 2.6.x, that is. For 2.4.x you can keep using -i/-o for the incoming/outgoing interfaces.

But to do any filtering with iptables you will need the bridge-nf patch (which has been merged with the ebtables patch and is available at ebtables.sf.net).

Ben
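The script conversion described in the message above, as an added example that is not part of the original post: it drops NAT-table rules and rewrites -i/-o in FORWARD rules to a single -m physdev match, for the 2.6.x case. The function name `to_bridge_rules`, the `# UNCONVERTED:` marker and the sample rules are assumptions made for illustration; rules that negate an interface match are flagged rather than rewritten, and the function then returns non-zero.

```shell
#!/bin/sh
# Added example (not from the original post). Reads an iptables rule script on
# stdin and writes a bridge version for kernel 2.6.x to stdout.
to_bridge_rules() {
    awk '
    /^[ \t]*#/ { print; next }                  # keep comments as they are
    {
        nat = 0; fwd = 0; neg = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-t" && $(i+1) == "nat") nat = 1
            if (($i == "-A" || $i == "-I") && $(i+1) == "FORWARD") fwd = i + 1
            isif = ($(i+1) == "-i" || $(i+1) == "-o")
            if ($i == "!" && isif) neg = 1
            if (($i == "-i" || $i == "-o") && $(i+1) == "!") neg = 1
        }
        if (nat) next                           # leave out the NAT rules
        if (!fwd) { print; next }               # only FORWARD rules change
        if (neg) {                              # negated match: convert by hand
            print "# UNCONVERTED: " $0; bad = 1; next
        }
        if ($(fwd+1) ~ /^[0-9]+$/) fwd++        # keep "-I FORWARD <rulenum>" together
        head = $1; phys = ""; rest = ""
        for (i = 2; i <= NF; i++) {
            if (i <= fwd) head = head " " $i
            else if (($i == "-i" || $i == "-o") && i < NF) {
                phys = phys ($i == "-i" ? " --physdev-in " : " --physdev-out ") $(i+1)
                i++                             # skip the interface name
            } else rest = rest " " $i
        }
        # One -m physdev carries both directions.
        print head (phys != "" ? " -m physdev" phys : "") rest
    }
    END { exit bad }'
}

# Constructed sample rules (interface names are illustrative).
to_bridge_rules <<'EOF'
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
EOF
```

Rules in user-defined chains reached from FORWARD are passed through unchanged and need the same rewrite by hand.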