The below rules block the traffic from the secondary ips. > -A i-2-9-VM-in -p ARP --arp-ip-src ! 66.232.104.216 -j DROP > -A i-2-9-VM-out -p ARP --arp-ip-dst ! IPADDRESS.OF.INSTANCE -j DROP
you can either delete above rules or flush the chains. Thanks, Jayapal On 27-Apr-2013, at 5:05 AM, Maurice Lawler <maurice.law...@me.com> wrote: > Sorry... > > Could someone please remind me, the chain I would need to delete from > ebtables to permit traversing of a secondary IP on a specified instance? > > == Output from Ebtables == > > -A i-2-9-VM-in -s ! 6:2f:ca:0:0:c -j DROP > -A i-2-9-VM-in -p ARP -s ! 6:2f:ca:0:0:c -j DROP > -A i-2-9-VM-in -p ARP --arp-mac-src ! 6:2f:ca:0:0:c -j DROP > -A i-2-9-VM-in -p ARP --arp-ip-src ! 66.232.104.216 -j DROP > -A i-2-9-VM-in -p ARP --arp-op Request -j ACCEPT > -A i-2-9-VM-in -p ARP --arp-op Reply -j ACCEPT > -A i-2-9-VM-in -p ARP -j DROP > -A i-2-9-VM-out -p ARP --arp-op Reply --arp-mac-dst ! 6:2f:ca:0:0:c -j DROP > -A i-2-9-VM-out -p ARP --arp-ip-dst ! IPADDRESS.OF.INSTANCE -j DROP > -A i-2-9-VM-out -p ARP --arp-op Request -j ACCEPT > -A i-2-9-VM-out -p ARP --arp-op Reply -j ACCEPT > -A i-2-9-VM-out -p ARP -j DROP > > > I'd appreciate any assistance in this matter. > > >
