Hi Joe,

> Does anyone know how netfilter deals with non-ip protocols?

Yes. It doesn't deal with them at all, as delivered "out of the box".

Here's a dump of what I know about the situation:

- netfilter is a set of hooks placed in strategic places in the L3 networking stack. Right now there are hooks for IPv4, IPv6, ARP, and I think there's also something for DECnet, which I don't know anything about.
- the hooks are all _inside_ the L3 stack.
- iptables is a user of the hooks put into the IPv4 stack.
- ip6tables is a user of the hooks put into the IPv6 stack.
- arptables is a user of the hooks put into the ARP stack.
- there is a patch to place netfilter hooks into the bridge code, which _may_ be capable of filtering by Ethernet protocol type. I have not used it or looked closely. See http://bridge.sourceforge.net/

I don't think that there is any code right now which is able to filter on IPX or AppleTalk header fields.

best regards
Patrick
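A userspace model of the dispatch described in the message above, added here as an example and not part of the original mail or of netfilter's own code: it reads a frame's EtherType (skipping 802.1Q tags) and reports which of the three hook users named above would get to see it. The function names, the enum and the sample frames are constructed for illustration; the EtherType values are the standard assignments.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hook users named in the message; NF_NONE = none of them sees the frame. */
enum nf_user { NF_NONE, NF_IPTABLES, NF_IP6TABLES, NF_ARPTABLES };

/* Constructed sample frames: dst MAC, src MAC, type field (payload omitted). */
#define MACS 0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01
const uint8_t ipv4_frame[]      = { MACS, 0x08,0x00 };
const uint8_t vlan_ipv6_frame[] = { MACS, 0x81,0x00, 0x00,0x0a, 0x86,0xdd };
const uint8_t ipx_frame[]       = { MACS, 0x81,0x37 };
const uint8_t raw8023_frame[]   = { MACS, 0x00,0x20, 0xff,0xff };

/* EtherType of a frame, skipping 802.1Q tags. Returns 0 when the frame is
 * truncated or uses an 802.3 length field (< 0x0600) instead of a type. */
uint16_t frame_ethertype(const uint8_t *f, size_t len)
{
    size_t off = 12;                       /* past both MAC addresses */
    while (len >= off + 2) {
        uint16_t t = (uint16_t)((f[off] << 8) | f[off + 1]);
        if (t != 0x8100)                   /* not a VLAN tag: this is it */
            return t >= 0x0600 ? t : 0;
        off += 4;                          /* skip TPID + TCI */
    }
    return 0;
}

enum nf_user nf_user_for_frame(const uint8_t *f, size_t len)
{
    switch (frame_ethertype(f, len)) {
    case 0x0800: return NF_IPTABLES;       /* IPv4 */
    case 0x86DD: return NF_IP6TABLES;      /* IPv6 */
    case 0x0806: return NF_ARPTABLES;      /* ARP */
    default:     return NF_NONE;           /* e.g. 0x8137 IPX, 0x809B AppleTalk */
    }
}

int main(void)
{
    static const char *name[] = { "none", "iptables", "ip6tables", "arptables" };
    printf("IPv4: %s\n", name[nf_user_for_frame(ipv4_frame, sizeof ipv4_frame)]);
    printf("VLAN+IPv6: %s\n", name[nf_user_for_frame(vlan_ipv6_frame, sizeof vlan_ipv6_frame)]);
    printf("IPX: %s\n", name[nf_user_for_frame(ipx_frame, sizeof ipx_frame)]);
    printf("raw 802.3: %s\n", name[nf_user_for_frame(raw8023_frame, sizeof raw8023_frame)]);
    return 0;
}
```

The IPX and raw 802.3 frames fall through to `NF_NONE`, which is the gap the message describes: a rule set built only on these three tools never evaluates that traffic.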
