8 Jan 2015, 9:50 p.m.
On 08-01-2015 20:17, Leonid Isaev wrote:
> The former. It applies to filtering traffic passing through the bridge. If the module is loaded and /proc/sys/net/bridge/bridge-nf-* == 1 then you should be able to manipulate traffic _inside_ the bridge using iptables FORWARD chain. If the module is not loaded, or the above files contain 0, then the bridge acts as a "dumb" switch. So, you can use the FORWARD chain to forward packets _between_ the bridge and some other interface.

Got it :) Thanks for the heads-up. I have always assumed the bridge would behave like a dumb switch since I'm not using ebtables, but clearly I was wrong. If my setup breaks I'll know where to look first now :)

-- 
Mauro Santos
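
The check discussed in this thread, as an added example that is not part of the original messages: a shell function that reports whether a host's bridges hand traffic to the netfilter hooks or act as a "dumb" switch. The function name `bridge_nf_state` is hypothetical, the `bridge-nf-call-*` file names are the kernel's standard sysctls matching the `bridge-nf-*` pattern quoted above, and a missing directory is assumed to mean the module is not loaded.

```shell
#!/bin/sh
# Added example (not from the thread): classify bridge netfilter state.
# Usage: bridge_nf_state [DIR]   DIR defaults to /proc/sys/net/bridge

bridge_nf_state() {
    dir="${1:-/proc/sys/net/bridge}"

    # Assumption: no sysctl directory means the bridge netfilter module
    # is not loaded, so iptables never sees frames switched inside the bridge.
    if [ ! -d "$dir" ]; then
        echo "dumb-switch: $dir missing"
        return 0
    fi

    # Collect every bridge-nf-call-* knob that is set to 1
    # (arptables, ip6tables, iptables).
    active=""
    for f in "$dir"/bridge-nf-call-*; do
        [ -r "$f" ] || continue          # also skips an unmatched glob
        val=$(cat "$f")
        if [ "$val" = "1" ]; then
            active="$active ${f##*/}"
        fi
    done

    if [ -n "$active" ]; then
        # Bridged traffic traverses the FORWARD chain of the listed tools,
        # so a restrictive FORWARD policy also applies inside the bridge.
        echo "filtered:$active"
    else
        echo "dumb-switch: all bridge-nf-call-* are 0"
    fi
}
```

Source the file and run `bridge_nf_state` with no argument to inspect the live host; a `filtered:` result means FORWARD rules apply to traffic between ports of the same bridge.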