My ebtables expert says DROP breaks the packet out of bridge mode so it can be normally routed and processed by iptables. ACCEPT sends the packet on through the bridge, which is not useful for ATS.

Thursday, May 24, 2012, 8:02:18 AM, you wrote:

> Mr. Alan,
> I'm confused with your ebtables rules:
> ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 \
>   -j redirect --redirect-target DROP
> ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-sport 80 \
>   -j redirect --redirect-target DROP
> While others use:
> ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 \
>   -j redirect --redirect-target ACCEPT
> ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-sport 80 \
>   -j redirect --redirect-target ACCEPT
> Please advise.
