Florian Westphal [mailto:f...@strlen.de] wrote: > Maybe, but if you broute everything you might as well just remove the > bridge... I want to be selective. My setup is a home router. So I can have ebtables rules for which traffic to (b)route and which to bridge, based on security/performance criteria.
> You can use -j redirect in ebtables broute table to force local MAC dnat > (this also 'fixes' the pkttype to _HOST) if you really want to broute. I may be missing something obvious, but what is the normal case where using an ebtables 'broute' "-j DROP" rule does work? It seemed to me that without the fix all (b)routed packets would get lost in IP layer (unless also dnat or something is done in addition which changes the pkt_type value). What is the original intention of this table/chain if not pulling packets between "other hosts" out of the bridge and passing them through the IP and higher layers? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
