On Mon, May 13, 2002 at 06:37:42PM +0300, Nick Fedchik wrote:
> Now I just try to block any icmp traffic by > iptables -I FORWARD -p icmp -i br0.169 -j ACCEPT. > But no any packets was not matched by iptables on br0.169. Sorry :( Packets aren't physically 'received' on br0.169 until they are passed up the stack, so using them in FORWARD will not work. If eth0.169 or eth1.169 are the devices that are enslaved to your bridge, you might try using those. If you just have eth0 and eth1 enslaved to your bridge, hope is pretty much lost, I'm afraid, until someone decides to restructure the bridge-nf code to deal with the VLAN code better. cheers, Lennert _______________________________________________ Bridge mailing list [EMAIL PROTECTED] http://www.math.leidenuniv.nl/mailman/listinfo/bridge
