Ah great, I did not realize you could use physdev on
both.  My need was to pass all packets which go through
the interface to QUEUE for mangling or at least
investigation (so ideally after fragments are
recombined and such).

I saw a nice flow diagram
(http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png)
showing the interactions of bridged packets and
normal iptables flow.  It *seemed* like
prerouting/postrouting caught all local/passthru
packets coming in/out of the interface, so maybe:

  iptables -I PREROUTING -m physdev --physdev-in eth0 -t mangle -j QUEUE
  iptables -I POSTROUTING -m physdev --physdev-out eth0 -t mangle -j QUEUE

?

-Scott


--- Matt Richards <[EMAIL PROTECTED]> wrote:

> Hello, 
> 
> by capture I'm guessing you mean match?
> 
> With bridges and iptables I normally use physdev
> 
> iptables -I FORWARD -m physdev --physdev-in eth0 --physdev-out eth1
> 
> Hth,
> 
> Matt.
> 
> On Sat, Mar 15, 2008 at 04:50:39AM -0700, Scott MacKay wrote:
> > In a simple bridge design, eth0, eth1, bridged to br0,
> > what iptables rules would be needed to capture all of
> > the packets?
> > 
> > It looked like one in PREROUTING/mangle and
> > POSTROUTING/mangle would do it for all locally
> > delivered/received and passthru....
> > 
> > -Scott
> > 
> > 
> > _______________________________________________
> > Bridge mailing list
> > [email protected]
> > https://lists.linux-foundation.org/mailman/listinfo/bridge
> 
> -- 
> Matt Richards



      