On 08-01-2015 18:57, Leonid Isaev wrote:
BTW, to those updating, one notable (at least from my perspective) change with 3.18.y is the new module br_netfilter responsible for filtering traffic coming through a bridge. This module is not loaded automatically, so no firewall is enabled by default in bridges. Here is a dmesg snippet:
---
kernel: [ 23.690774] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
---

I'm not sure I'm reading it right and a quick Google search doesn't turn up much besides this[1]. Does this apply to filtering via iptables (traffic from/to localhost to/from machines on the bridge) or more specifically to ebtables (filter traffic between machines on the bridge)?

[1] http://ebtables.netfilter.org/documentation/bridge-nf.html

--
Mauro Santos
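
A way to check a host for the condition the dmesg line warns about, as an added example that is not part of either message: it lists bridge devices and reports whether br_netfilter is present and how its bridge-nf-call-* switches are set. It assumes bridges appear as /sys/class/net/<name>/bridge and that br_netfilter exposes its sysctls under /proc/sys/net/bridge; PROC_ROOT and SYS_ROOT are hypothetical overrides used only to point the check at a constructed tree.

```shell
#!/bin/sh
# Added example: audit whether bridged traffic is handed to arp/ip/ip6tables.
# PROC_ROOT and SYS_ROOT are hypothetical overrides; on a live host they
# default to the real /proc and /sys.
PROC_ROOT="${PROC_ROOT:-/proc}"
SYS_ROOT="${SYS_ROOT:-/sys}"

# True if br_netfilter is in the loaded-module list, or (assumption, for a
# built-in module that /proc/modules would not list) its sysctl directory exists.
br_netfilter_loaded() {
    grep -q '^br_netfilter ' "$PROC_ROOT/modules" 2>/dev/null ||
        [ -d "$PROC_ROOT/sys/net/bridge" ]
}

# Print one bridge device name per line.
list_bridges() {
    for d in "$SYS_ROOT"/class/net/*/bridge; do
        [ -d "$d" ] || continue
        basename "$(dirname "$d")"
    done
}

# Print a one-line status. Returns 1 when bridges exist but br_netfilter is
# absent, i.e. host firewall rules see no bridged frames.
bridge_filter_status() {
    bridges=$(list_bridges | tr '\n' ' ')
    bridges=${bridges% }
    [ -n "$bridges" ] || { echo "no-bridges"; return 0; }
    if ! br_netfilter_loaded; then
        echo "unfiltered bridges=[$bridges] br_netfilter=absent"
        return 1
    fi
    out="br_netfilter=loaded bridges=[$bridges]"
    for t in iptables ip6tables arptables; do
        v=$(cat "$PROC_ROOT/sys/net/bridge/bridge-nf-call-$t" 2>/dev/null || echo "?")
        out="$out $t=$v"
    done
    echo "$out"
}
```

Source the file and call `bridge_filter_status`; a non-zero return is the case where scripts need to load br_netfilter explicitly.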