Linux Ethernet Bridging - Mar 2008 - [Bridge] catching all packets on an interface

In a simple bridge design, eth0, eth1, bridged to br0,
what iptables rules would be needed to capture all of
the packets?

It looked like one in PREROUTING/mangle and
POSTROUTING/mangle would do it for all locally
delivered/received and passthru....

-Scott


     
____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs

Hello, 

by capture I'm guessing you mean match?

With bridges and iptables i normally use physdev

iptables -I FORWARD -m physdev --physdev-in eth0 --physdev-out eth1

Hth,

Matt.

On Sat, Mar 15, 2008 at 04:50:39AM -0700, Scott MacKay
wrote:
> In a simple bridge design, eth0, eth1, bridged to br0,
> what iptables rules would be needed to capture all of
> the packets?
> 
> It looked like one in PREROUTING/mangle and
> POSTROUTING/mangle would do it for all locally
> delivered/received and passthru....
> 
> -Scott
> 
> 
>      
____________________________________________________________________________________
> Never miss a thing.  Make Yahoo your home page. 
> http://www.yahoo.com/r/hs
> _______________________________________________
> Bridge mailing list
> Bridge at lists.linux-foundation.org
> https://lists.linux-foundation.org/mailman/listinfo/bridge
-- 
Matt Richards
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.linux-foundation.org/pipermail/bridge/attachments/20080315/05776407/attachment.pgp