Hello Lennert Buytenhek,

Tuesday, May 14, 2002, 4:56:53, you wrote:

LB> On Mon, May 13, 2002 at 06:37:42PM +0300, Nick Fedchik wrote:
>> Now I just try to block any icmp traffic by
>> iptables -I FORWARD -p icmp -i br0.169 -j ACCEPT.
>> But no packets were matched by iptables on br0.169.

LB> Sorry :(
LB> Packets aren't physically 'received' on br0.169 until they
LB> are passed up the stack, so using them in FORWARD will not
LB> work.

As I understand it, raw frames are received by the phys. interface (ethX), then "...they are passed up the stack..." to the bridge interface (brX)?
Next is to divide tagged and untagged frames (when VLAN is configured) and pass tagged frames to the appropriate VLAN interface (vlanXXXX)?

LB> If eth0.169 or eth1.169 are the devices that are enslaved
LB> to your bridge, you might try using those.

So I must first bind VLAN 169 to the physical devices (eth0 and eth1), then enslave eth0.169 and eth1.169 to another bridging device, br1.169?
Ok, I will try to check this method... reporting after that

LB> If you just have eth0 and eth1 enslaved to your bridge,
LB> hope is pretty much lost,

:(

LB> I'm afraid, until someone decides to restructure the
LB> bridge-nf code to deal with the VLAN code better.

I'm afraid too...
Unfortunately I'm not a "kernel code digger" :( but now I must do something.
Are you mailing with Ben Greear about the VLAN code for bridge-nf?

I have read http://www.sparkle-cc.co.uk/firewall/firewall.html and I am sure it is a good idea to make a fine reference (howto/man) with illustrations like that URL

--
Best regards,
Nick Fedchik
FNM3-RIPE
mailto:[EMAIL PROTECTED]

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
