2.6.12: connection tracking broken?

Patrick McHardy kaber at trash.net
Thu Jun 23 05:31:39 CEST 2005


On Thu, 23 Jun 2005, Carl-Daniel Hailfinger wrote:

> Herbert Xu schrieb:
>>
>> 3) After a set period (say a year or so) we remove ipt_physdev altogether.
>
> For my local setup it is already a minor PITA that there is no tool
> combining the functionality of arptables, ebtables and iptables, but
> I can cope with the help of marking and ipt_physdev. If that doesn't
> work reliably anymore, I'll be stuck.

You would still be able to mark packets in iptables and match on that
mark in ebtables, where filtering on the bridge port can be performed.

> Wasn't someone working on a unified framework for *tables? IIRC that
> would have been pkttables, but Harald(?) said there was not much
> code there yet.

Not much has changed AFAIK, but pkttables wouldn't change the fact
that the bridge port isn't available at the IP layer.

Regards
Patrick
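One way to set up the mark-then-match scheme Patrick describes, as an added shell example that is not part of the thread: iptables tags the packets at the IP layer and ebtables enforces the bridge-port decision. The mark value, port name and subnet are constructed placeholders, and the script assumes iptables is invoked for bridged frames (br_netfilter / bridge-nf-call-iptables=1).

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): replace ipt_physdev-style
# bridge-port filtering with an iptables MARK set at the IP layer and an
# ebtables --mark match in the bridge FORWARD chain, where the bridge port
# (-i/-o) is visible. Constructed values: mark 0x1, port eth1, net 10.0.0.0/24.
# DRY_RUN=1 (the default) prints the commands instead of running them.
set -eu

MARK=${MARK:-0x1}
BRIDGE_PORT=${BRIDGE_PORT:-eth1}
SRC_NET=${SRC_NET:-10.0.0.0/24}
DRY_RUN=${DRY_RUN:-1}

# The IP layer sees addresses but not the bridge port: tag packets of
# interest in mangle PREROUTING, which runs (via the bridge netfilter hooks)
# before the bridge FORWARD chain that ebtables filters on, so the nfmark is
# already set when ebtables sees the frame.
ipt_mark_rule() {
    printf 'iptables -t mangle -A PREROUTING -s %s -j MARK --set-mark %s\n' \
        "$SRC_NET" "$MARK"
}

# The bridge layer knows the port but not the IP details: match the mark and
# drop anything that would leave through the restricted port.
ebt_drop_rule() {
    printf 'ebtables -A FORWARD --mark %s -o %s -j DROP\n' \
        "$MARK" "$BRIDGE_PORT"
}

# Both rules, in the order they must be loaded.
ruleset() {
    ipt_mark_rule
    ebt_drop_rule
}

apply_ruleset() {
    if [ "$DRY_RUN" = 1 ]; then
        ruleset
    else
        ruleset | while read -r cmd; do sh -c "$cmd"; done
    fi
}

apply_ruleset
```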


