lots of oopses
Patrick McHardy
kaber at trash.net
Fri Aug 18 20:23:29 CEST 2006
Amin Azez wrote:
> Patrick McHardy wrote:
>
>> BTW, what is ipt_vlan?
>>
>
> I think I posted it here a year ago, but I'll do so again if you want it.
> It matches on vlan-id.
>
> It was said that strictly this is a layer 2 thing and not for iptables;
> I find it useful though;-
> which iptables rules should be applied may depend on vlan stuff, and
> sometimes it seems like there isn't enough mark to go around...
>
> I like the iptables/ebtables seperation but sometimes it seems like they
> should be able to share each-others matches, like one big happy table
> with a few extra points of inspection. Anyway...
Agreed. It should be possible for ebtables to use all iptables matches
looking only at packet data, but not necessarily the other way around.
Unfortunately ebtables is in large parts a copy of iptables, with just
enough differences to prevent it from using x_tables.
More information about the netfilter-devel
mailing list