In the past when I said:
ebtables -A INPUT -p 0x828 -j DROP !!DOES NOT WORK!!
ebtables -A INPUT -p 0x800 -j DROP !!WORKS!!
Group members told me that:
> What you need to do is register your function
> on the existing NF_BR_PRE_ROUTING hook, with a priority number lower than
> that of the ebtables nat PREROUTING chain (prio=NF_BR_PRI_NAT_SRC).
                     ebt INPUT
                         |
                         |
ebt (PREROUTING)------Bridging-----ebt (FORWARD)
I think my code is decapsulating (changing the eth hdr) before the INPUT
chain is traversed. So, I am confused as to what the priority number
should be.
Since the encap/decap functions are called by the main code, if the prio
is lower than NF_BR_PRI_NAT_SRC, encapsulation is taking place even before
the ebt PREROUTING chain is traversed. So is decapsulation.
Then I don't think I could filter the packets in the above fashion using
protocol 0x828.
So, I am wondering what the right prio to choose is. It is important that
I have the right priority.
Thanks in advance,
-Raj