In a normal iptables implementation, you are correct. The forward chain is used for any packets passing through the box, while the input and output chains apply to packets from or to the iptables machine itself. However, I thought that the bridging code would only use a chain that had been given the same name as the bridge, at least under ipchains.
See this link:
http://www.bnhof.de/~uwe/bridge-stp-howto/BRIDGE-STP-HOWTO/advanced-bridge.html#IPCHAINS
Has this changed with iptables? Or has the bridging code itself changed?
-----Original Message-----
From: sebastien Robart [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 10:28 AM
To: 'SinChanKeppel'
Cc: [EMAIL PROTECTED]
Subject: Re: [Bridge] iptables
-A forward, not input, I think.
seb
Munday, Merrick wrote:
> Don't you have to set up a chain with the same name as the bridge?
>
> Like so:
>
> iptables -N br0
> iptables -A br0 -s 203.1.2.0/24 -j DROP
>
> I thought that the built-in chains were not used with bridging ...
>
> --Merrick Munday
>
> -----Original Message-----
> From: SinChanKeppel [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 18, 2001 5:10 AM
> To: [EMAIL PROTECTED]
> Subject: [Bridge] iptables
>
>
> I have settled the br_add_bridge problem...
> Now I need to test the iptables..
>
> I do this:
>
> brctl addbr br0
> brctl addif br0 eth0
> brctl addif br0 eth1
> ifconfig eth0 0.0.0.0
> ifconfig eth1 0.0.0.0
> ifconfig br0 203.1.1.1
>
> iptables -A INPUT -s 203.1.2.0/24 -j DROP
>
> But it looks like the packets that come from 203.1.2.0/24 can still go
> through...
>
> My kernel is 2.4.7 and I have run through all the steps from
> http://bridge.sourceforge.net/devel/bridge-nf/HOWTO
>
>
> _______________________________________________
> Bridge mailing list
> [EMAIL PROTECTED]
> http://www.math.leidenuniv.nl/mailman/listinfo/bridge
>
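An added example, not part of the thread or the bridge project's code: assuming, as seb's reply suggests and as the bridge-nf patch behaves, that frames bridged across br0 traverse FORWARD rather than INPUT, this script audits a rule set in iptables-save format for sources that are dropped only in INPUT. The sample rules are constructed (the 10.9.0.0/16 entries are not from the thread), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save format: the thread's INPUT rule plus
# one source that is dropped in both chains, for contrast.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 203.1.2.0/24 -j DROP
-A INPUT -s 10.9.0.0/16 -j DROP
-A FORWARD -s 10.9.0.0/16 -j DROP
COMMIT'

# Read iptables-save output on stdin and print every source that has a DROP
# rule in INPUT but no DROP rule in FORWARD. Chain policies and any other
# match options on the rule are ignored; only -s and -j are inspected.
input_only_drops() {
    awk '
        $1 == "-A" {
            src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s" || $i == "--source") src = $(i + 1)
                if ($i == "-j" || $i == "--jump")   target = $(i + 1)
            }
            if (src != "" && target == "DROP") {
                if ($2 == "INPUT")   in_drop[src] = 1
                if ($2 == "FORWARD") fwd_drop[src] = 1
            }
        }
        END {
            for (s in in_drop)
                if (!(s in fwd_drop)) print s
        }
    ' | sort
}

# Print (do not apply) the FORWARD rules that would cover bridged traffic.
suggest_forward_rules() {
    input_only_drops | while read -r src; do
        printf 'iptables -A FORWARD -s %s -j DROP\n' "$src"
    done
}

printf '%s\n' "$SAMPLE_RULES" | suggest_forward_rules
```

On a live bridge the same functions can be fed from `iptables-save` instead of the embedded sample.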
