On Sun, 2002-06-30 at 09:13, Patrick Schaaf wrote:
> Hi Joe,
>
> > Does anyone know how netfilter deals with non-ip protocols?
>
> Yes. It doesn't deal with them at all, as delivered "out of the box".
>
> Here's a dump of what I know about the situation:
>
> - netfilter is a set of hooks placed in strategic places in the L3 networking
>   stack. Right now there are hooks for IPv4, IPv6, ARP, and I think there's
>   also something for DecNET, which I don't know anything about.
> - the hooks are all _inside_ the L3 stack.
> - iptables is a user of the hooks put into the IPv4 stack.
> - ip6tables is a user of the hooks put into the IPv6 stack.
> - arptables is a user of the hooks put into the ARP stack.
> - there is a patch to place netfilter hooks into the bridge code,
>   which _may_ be capable of filtering by ethernet protocol type.
>   I have not used it or looked closely. See http://bridge.sourceforge.net/
>
> I don't think that there is any code right now which is able to filter
> on IPX or AppleTalk header fields.

http://users.pandora.be/bart.de.schuymer/ebtables/
Description: ethernet bridge tables

This is another user of the netfilter hooks in the bridge code. And ebtables can filter on ethernet protocols and do some simple IPv4 filtering as well.

--
/Martin

Never argue with an idiot. They drag you down to their level, then beat you with experience.
