Matthias Buecher / Germany <[email protected]> writes:

> On 13.08.2009 11:08, Ferenc Wagner wrote:
>> Matthias Buecher / Germany <[email protected]> writes:
>>
>>> The bridge firewalling is caused by CONFIG_BRIDGE_NETFILTER=y (bool),
>>> which is enabled by kmod-ebtables. As it is bool it can not be
>>> outsourced into an installable module.
>>
>> I wonder why it isn't possible to avoid loading ebtables... But can't
>> check now, I'm mostly offline.
>
> ebtables is not installed/loaded (it's a module).

OK, so you don't actually load the ebtables module, and you don't expect
iptables to filter your bridged traffic. Not unreasonable.

> When compiling ebtables for OpenWrt, then CONFIG_BRIDGE_NETFILTER=y is
> set, which enables bridge firewalling inside the kernel's netfilter (not
> a module).

I think it's more a problem that the default behaviour is subject to
change between different OpenWRT builds. CONFIG_BRIDGE_NETFILTER should
be y or n always, irrespective of kmod-ebtables, to avoid user
confusion, in my opinion. Maybe it's indeed best to enable it in the
kernel config, and disable by sysctl, as Matthias suggests.

--
Cheers,
Feri.
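
The "enable in the kernel, disable by sysctl" approach discussed in this thread, sketched as an added example that is not part of the original messages or of OpenWrt's own scripts. It assumes the standard Linux bridge-netfilter keys under /proc/sys/net/bridge (the thread does not name them); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the bridge-netfilter sysctls on a running system.
# Assumption: the standard Linux keys under /proc/sys/net/bridge, which
# the thread itself does not name.

BRIDGE_NF_KEYS="bridge-nf-call-iptables bridge-nf-call-ip6tables bridge-nf-call-arptables"

# Print "<key>=<value>" per key, or "<key>=absent" when the kernel does
# not expose the key (bridge netfilter not built in or not loaded).
bridge_nf_state() {
    dir="${1:-/proc/sys/net/bridge}"
    for key in $BRIDGE_NF_KEYS; do
        if [ -r "$dir/$key" ]; then
            echo "$key=$(cat "$dir/$key")"
        else
            echo "$key=absent"
        fi
    done
}

# Return 0 when no key hands bridged frames to the IP-level tables,
# 1 when at least one key holds a non-zero value.
bridge_nf_disabled() {
    ! bridge_nf_state "$1" | grep -q '=[1-9]'
}

# Emit sysctl.conf lines that switch off every key currently enabled.
bridge_nf_sysctl_conf() {
    bridge_nf_state "$1" | while IFS='=' read -r key value; do
        case "$value" in
            absent|0) ;;
            *) echo "net.bridge.$key=0" ;;
        esac
    done
}

# Usage: sh thisfile report   (prints the live state of the local kernel)
if [ "${1:-}" = "report" ]; then
    bridge_nf_state
fi
```

An "absent" result distinguishes a kernel without bridge netfilter from one where it is present but switched off, which is the build-to-build difference the thread is concerned about.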
