Bart,
> > ebtables -F
> > ebtables -A FORWARD -p IPV4 --ip-dst xxx.xxx.xxx.xxx -j DROP,
> > nothing happens. Packets to that address are forwarded.
> >
> > And it doesn't make any difference if I use the same rule to
> > INPUT and OUTPUT too.
>
> try ebtables -A FORWARD -p LENGTH -j DROP
>
> If I'm guessing right this should also stop the traffic (except ARP
> I guess). So my guess is you are using IP over 802.3 Ethernet, not
> over Ethernet II. If you know the Ethernet header: the Type Field is
> actually used as a Length Field.
> Currently neither the bridge-nf nor ebtables patches support IP filtering
> over 802.3 Ethernet. This is on the todo-list of ebtables ;)
At the time I received this email I had already deleted the ebtables
patch to do other tests from a "clean" kernel tree. I will compile it
again to try your suggestion. I confess that I don't know how to check
what kind of ethernet frame I am using. I have read about this using
IPX and there are some utils to configure interfaces that show the
type of frame. I will improve my knowledge about this to try to find
the information you asked.
> Solutions:
> - switch network to Ethernet II, or
> - get someone to code support for 802.3.
> I'm willing to (figure out how to) code this (for bridge-nf and
> ebtables), but I can't test this on my network. So I would need your
> help _and_ patience.
I really hope that you are successful coding this. I think that a
bridge+firewall is a great and powerful device.
I don't know how I can help you because my resources (computers,
network and knowledge) are very limited, but I will do my best.
Thank you for your attention.
Cheers,
Freitas
_______________________________________________
Bridge mailing list
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
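
An added example, not part of the original message or of the ebtables or bridge-nf code: a small classifier showing how the Type/Length field separates the two framings discussed above, and why a match on the IPv4 type value misses IP carried in 802.3 frames while a length match catches it. It assumes untagged frames and that IP over 802.3 is carried in an LLC/SNAP header; the function name, result keys and sample frames are constructed for illustration.

```python
import struct

ETH_P_IP = 0x0800            # EtherType for IPv4
LLC_SNAP = b"\xaa\xaa\x03"   # DSAP, SSAP, control bytes announcing a SNAP header

def classify_frame(frame: bytes) -> dict:
    """Classify an untagged Ethernet frame by its type/length field."""
    if len(frame) < 14:
        raise ValueError("shorter than a 14-byte Ethernet header")
    (field,) = struct.unpack("!H", frame[12:14])
    if field >= 0x0600:
        # Ethernet II: the field is an EtherType, so a protocol match can see IPv4.
        return {"framing": "Ethernet II", "proto": field,
                "type_is_ipv4": field == ETH_P_IP, "type_is_length": False}
    if field > 1500:
        raise ValueError(f"undefined type/length value {field:#06x}")
    # 802.3: the field is the payload length. The carried protocol, if any,
    # sits in an LLC/SNAP header after it (OUI 00:00:00 means an EtherType follows).
    proto = None
    if (frame[14:17] == LLC_SNAP and frame[17:20] == b"\x00\x00\x00"
            and len(frame) >= 22):
        (proto,) = struct.unpack("!H", frame[20:22])
    return {"framing": "802.3", "proto": proto,
            "type_is_ipv4": False, "type_is_length": True}

# Constructed sample frames (made-up MAC addresses, dummy 20-byte payload).
_MACS = bytes.fromhex("02000000000a" "02000000000b")
_PAYLOAD = bytes(20)
ETH2_IPV4 = _MACS + struct.pack("!H", ETH_P_IP) + _PAYLOAD
SNAP_IPV4 = (_MACS + struct.pack("!H", 8 + len(_PAYLOAD)) + LLC_SNAP
             + b"\x00\x00\x00" + struct.pack("!H", ETH_P_IP) + _PAYLOAD)

if __name__ == "__main__":
    for name, frame in (("Ethernet II", ETH2_IPV4), ("802.3 + SNAP", SNAP_IPV4)):
        print(name, classify_frame(frame))
```

Running the same check over the first 22 bytes of a frame captured on the bridge shows which framing the network uses.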