----- Original Message -----
From: "indra g. harijono" <[EMAIL PROTECTED]>
To: "Lennert Buytenhek" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, January 31, 2002 6:39 PM
Subject: RE: [Bridge] Bridge and netfilter patch

> Oops guys, I am so sorry with my miserable quote style ...
> thank you Lennert for your prompt reply.
> Let me restate my problem below.
> Yes, I would like to filter several times.
> Maybe I need to study netfilter architecture deeper. I thought netfilter
> including iptables indeed handles the chains input-forward-output as opposite
> of what you mentioned above.

That's not true. If you don't believe Lennert, try it with some logging rules in iptables.
To be exact, routed packets go prerouting->forward->postrouting.

> My problem is I would like to filter in the bridge level, let's say every
> (IP) packet with destination of host X.X.X.X, when I find those packets, I
> would like those packets to be stolen and passed to ip stack, and there I
> would like to write iptables rules to filter e.g. only packets with port
> number 21 and matched (dealt) with my module or delivered to my application
> using the iptable queue. Unfortunately I still do not have a configuration
> or source code to show it (maybe in several weeks would be possible). But
> whatever the cases are, I would like to filter the packets several times on
> different levels (bridge/routing).

Why can't your module work on the bridged packet??

cheers,
Bart
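
Added example (not part of the original message or of the bridge/netfilter code): a small Python parser that reconstructs which netfilter hooks each packet crossed from iptables LOG output, the experiment the reply suggests. The `hook=` log prefix, the rule set in the comment, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed rule set on the router, one LOG rule per hook (mangle table):
#   for c in PREROUTING INPUT FORWARD OUTPUT POSTROUTING; do
#       iptables -t mangle -A $c -j LOG --log-prefix "hook=$c "
#   done

# Constructed kernel log lines in the LOG target's format (not real traffic).
SAMPLE_LOG = """\
kernel: hook=PREROUTING IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.9 LEN=60 TTL=64 ID=4711 PROTO=TCP SPT=40000 DPT=21
kernel: hook=FORWARD IN=eth0 OUT=eth1 SRC=10.0.0.5 DST=192.168.1.9 LEN=60 TTL=63 ID=4711 PROTO=TCP SPT=40000 DPT=21
kernel: hook=POSTROUTING IN= OUT=eth1 SRC=10.0.0.5 DST=192.168.1.9 LEN=60 TTL=63 ID=4711 PROTO=TCP SPT=40000 DPT=21
kernel: hook=PREROUTING IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 LEN=60 TTL=64 ID=4712 PROTO=TCP SPT=40001 DPT=22
kernel: hook=INPUT IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 LEN=60 TTL=64 ID=4712 PROTO=TCP SPT=40001 DPT=22
kernel: hook=OUTPUT IN= OUT=eth0 SRC=10.0.0.1 DST=10.0.0.5 LEN=60 TTL=64 ID=9001 PROTO=TCP SPT=22 DPT=40001
kernel: hook=POSTROUTING IN= OUT=eth0 SRC=10.0.0.1 DST=10.0.0.5 LEN=60 TTL=64 ID=9001 PROTO=TCP SPT=22 DPT=40001
"""

LINE = re.compile(
    r"hook=(?P<hook>[A-Z]+) IN=(?P<inif>\S*) OUT=(?P<outif>\S*) "
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?\bID=(?P<id>\d+)"
)

def hook_paths(log_text):
    """Group log lines by (src, dst, IP ID) and return the ordered hook list."""
    paths = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            paths[(m["src"], m["dst"], int(m["id"]))].append(m["hook"])
    return dict(paths)

def classify(path):
    """Label a hook sequence: a routed packet never crosses INPUT or OUTPUT."""
    if "FORWARD" in path:
        return "routed"
    if "INPUT" in path:
        return "local-in"
    if "OUTPUT" in path:
        return "local-out"
    return "unknown"

if __name__ == "__main__":
    for key, path in hook_paths(SAMPLE_LOG).items():
        print(key, "->".join(path), classify(path))
```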
