Re: [PATCH] ebtables - Ethernet bridge tables, for 2.5.34

From: Bart De Schuymer (bart.de.schuymer@pandora.be)
Date: Thu Sep 12 2002 - 22:20:41 EST


Hello David, Lennert, list,

> ARP filtering
>
> People should use ARP tables for arp filtering, that is why I wrote
> it. ARP filtering should not need to be bridge specific.

Well, a bridge can also just _bridge_ ARP packets between two sides of the
bridge. The ARP module can filter out those packets. These packets will not
pass through the ARP code of the Linux kernel. Of course, the ebtables ARP
module can be easily adjusted for arptables, I will do this later if nobody
beats me to it... For the same reason, basic ebtables IP filtering is not
redundant.

> Next, has Lennert Buytenhek, the bridging maintainer, approved of your
> changes to the bridging layer APIs?

OK. This is to Lennert:
Could you please have a look at the ebtables patch located at

http://users.pandora.be/bart.de.schuymer/ebtables/v2.0/ebtables-v2.0_vs_2.5.34.diff

and approve the changes made to the bridging layer API? They are necessary to
make a brouter and to deal with bogus NETFILTER_DEBUG warnings if the option
is compiled in the kernel. Any questions will be gladly answered... Note that
the brouting facility has been working for at least three months and it has
already been used in real-life situations, there's an example usage on the
ebtables homepage. Dealing with NETFILTER_DEBUG warnings consists of setting
nf_debug to zero when the netfilter hooks change from bridge hooks to some
other stack's hooks and vice versa. See the patch.

-- 
cheers,
Bart




This archive was generated by hypermail 2b29 : Sun Sep 15 2002 - 22:00:31 EST