Hi Stephen,

Thanks for your prompt response.

What I wanted to say was: the following cmd DOES NOT WORK (here 0x828 is my protocol no. that encapsulates the IP data, like VLAN):

    ebtables -A INPUT -p 0x828 -j DROP

BUT the following does work:

    ebtables -A INPUT -p 0x800 -j DROP

So, ebtables is not seeing the frame before decapsulation. For that, as Bart Schuymer said, I need to register my function on NF_BR_PRE_ROUTING with lower priority.

I don't want any new filter table or extension modules. I only want the ability to do regular stuff like:

    ebtables -A INPUT -p 0x828 -j DROP

So, do you think I still need to create a module, or can I get away with editing some stuff?

PS: The OUTPUT and FORWARD chains work. I didn't check for prerouting, postrouting yet.

Thanks in advance,
Raj