On Wed, 30 Jan 2002, Lennert Buytenhek wrote:
> On Wed, Jan 30, 2002 at 12:34:17AM -0600, Chuck Bearden wrote:
> [...]
> > David Whitmarsh's sample script
> > (http://www.sparkle-cc.co.uk/firewall/rc.firewall.sh.txt) is
> > interesting, but he only specifies his bridging interface (not either
> > of the NICs) with '-i' in the rules governing traffic to his bridge.
>
> If you specify '-i br0', it will match traffic from all subinterfaces (i.e.
> the combined effect of '-i eth0', '-i eth1', etc.)

Excellent! I suspect that this is what I needed to know.

> > Anyway, no packets from the outside ever match the br_ext or br_int
> > rules, regardless of the interface they arrive on. All packets fall
> > through to the '-i $BR_IF -j ACCEPT' rule.
>
> What if you log the packets with a LOG rule? You should see something
> like this in your log output "IN=br0 PHYSIN=eth0"

I verified my finding by checking byte/packet counters in 'iptables -nL --verbose'. I will explicitly log and report results if I can't make your information from above work.

Thanks for your work on Linux bridging!

Best wishes,
Chuck

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
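As an added illustration of Lennert's LOG suggestion (not code from the thread or from either poster): a small parser over constructed netfilter LOG lines that tallies packets by IN/PHYSIN, showing that a single '-i br0' rule sees traffic from both bridged NICs. The 'BRLOG:' log prefix, hostnames and addresses are made up.

```python
import re
from collections import Counter

# Constructed sample of kernel netfilter LOG output from a bridging firewall.
# The "BRLOG:" prefix is an assumption (whatever --log-prefix the rule uses);
# IN=br0 with PHYSIN=eth0/eth1 is what a '-i br0' LOG rule shows for packets
# arriving on either bridged NIC.
SAMPLE_LOG = """\
Jan 30 00:34:17 fw kernel: BRLOG: IN=br0 PHYSIN=eth0 OUT= MAC=... SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40000 DPT=22
Jan 30 00:34:18 fw kernel: BRLOG: IN=br0 PHYSIN=eth1 OUT= MAC=... SRC=198.51.100.5 DST=192.0.2.10 LEN=52 PROTO=TCP SPT=22 DPT=40000
Jan 30 00:34:19 fw kernel: BRLOG: IN=br0 PHYSIN=eth0 OUT= MAC=... SRC=192.0.2.11 DST=198.51.100.5 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Jan 30 00:34:20 fw kernel: unrelated message without netfilter fields
"""

# Netfilter LOG fields are KEY=value tokens; the value may be empty (e.g. "OUT=").
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_log_line(line):
    """Return a dict of KEY=value fields from one netfilter LOG line, or None
    when the line carries no netfilter fields at all."""
    if "IN=" not in line:
        return None
    return dict(FIELD_RE.findall(line))


def count_by_physical_port(log_text):
    """Count logged packets per (logical IN, PHYSIN) pair.

    PHYSIN is absent when the packet did not enter through a bridge port,
    so such packets are recorded under '-' rather than silently dropped.
    """
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if fields is None:
            continue
        counts[(fields.get("IN", "-"), fields.get("PHYSIN", "-"))] += 1
    return dict(counts)


if __name__ == "__main__":
    for (bridge, port), n in sorted(count_by_physical_port(SAMPLE_LOG).items()):
        print(f"IN={bridge} PHYSIN={port}: {n} packet(s)")
```

Run against a real syslog extract, the per-PHYSIN totals are the quick way to confirm that the bridge-wide rule is matching packets from every port rather than just one.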
