> ebtables -F
> ebtables -A FORWARD -p IPV4 --ip-dst xxx.xxx.xxx.xxx -j DROP, nothing
> happens. Packets to that address are forwarded.
>
> And it doesn't make any difference if I use the same rule to INPUT
> and OUTPUT too.
>
> Well, I will keep waiting for help to solve the problem.
> Thank you for your attention.

try
ebtables -A FORWARD -p LENGTH -j DROP

If I'm guessing right this should also stop the traffic (except ARP I guess).
So my guess is you are using IP over 802.3 Ethernet, not over Ethernet II.
If you know the Ethernet header: the Type Field is actually used as a Length
Field. Currently neither the bridge-nf nor the ebtables patches support IP
filtering over 802.3 Ethernet. This is on the todo-list of ebtables ;)
If this is not the case, maybe I can find out more if you give me ssh access
to the box...

Solutions:
- switch network to Ethernet II, or
- get someone to code support for 802.3.

I'm willing to (figure out how to) code this (for bridge-nf and ebtables),
but I can't test this on my network. So I would need your help _and_ patience.

cheers,
Bart

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
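
The framing difference the reply points to, as an added example that is not part of the original message and is not ebtables or bridge-nf code: it classifies a frame as Ethernet II or 802.3 and, for 802.3 with LLC/SNAP, finds the EtherType that sits behind the length field. The two match helpers are simplified assumptions about what a type match and a LENGTH match compare, and the sample frames are constructed.

```python
import struct

ETH_P_IP = 0x0800
MIN_ETHERTYPE = 0x0600          # field values below this are a length (802.3)
LLC_SNAP = b"\xaa\xaa\x03"      # DSAP, SSAP, control announcing a SNAP header
OUI_ENCAP = b"\x00\x00\x00"     # SNAP OUI meaning "an EtherType follows"


def classify_frame(frame: bytes) -> dict:
    """Classify a frame (starting at the destination MAC, no FCS) by framing."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    field = struct.unpack("!H", frame[12:14])[0]
    info = {"header_field": field, "framing": "Ethernet II",
            "protocol": field, "l3_offset": 14}
    if field >= MIN_ETHERTYPE:
        return info
    # 802.3: the field is the payload length and an LLC header follows.
    info.update(framing="802.3 LLC", protocol=None, l3_offset=None)
    if (frame[14:17] == LLC_SNAP and frame[17:20] == OUI_ENCAP
            and len(frame) >= 22):
        info.update(framing="802.3 LLC/SNAP",
                    protocol=struct.unpack("!H", frame[20:22])[0],
                    l3_offset=22)
    return info


def header_field_is_ipv4(frame: bytes) -> bool:
    """Simplified model (assumption) of a match on the header field alone."""
    return classify_frame(frame)["header_field"] == ETH_P_IP


def header_field_is_length(frame: bytes) -> bool:
    """Simplified model (assumption) of a LENGTH match: field used as length."""
    return classify_frame(frame)["header_field"] < MIN_ETHERTYPE


# Constructed sample frames: same MACs, same dummy 20-byte IPv4 header.
MACS = bytes.fromhex("020000000002" "020000000001")
IP_HDR = bytes.fromhex("4500001400000000400100000a0000010a000002")
FRAME_ETH2 = MACS + struct.pack("!H", ETH_P_IP) + IP_HDR
SNAP = LLC_SNAP + OUI_ENCAP + struct.pack("!H", ETH_P_IP)
FRAME_8023 = MACS + struct.pack("!H", len(SNAP) + len(IP_HDR)) + SNAP + IP_HDR

if __name__ == "__main__":
    for name, frame in (("Ethernet II", FRAME_ETH2), ("802.3", FRAME_8023)):
        print(name, classify_frame(frame),
              "type==IPv4:", header_field_is_ipv4(frame),
              "LENGTH:", header_field_is_length(frame))
```

Both frames carry the same IPv4 header, but in the 802.3 frame it starts 8 bytes later and the header field holds a length, so a rule keyed on the type value never sees 0x0800 there.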
