similar to: [Bridge] ebtables

In the past when I said: ebtables -A INPUT -p 0x828 -j DROP !!DOES NOT WORK!! ebtables -A INPUT -p 0x800 -j DROP !!WORKS!! Group members told me that: > What you need to do is register your function > on the existing NF_BR_PRE_ROUTING hook, with a priority number lower than > that of the ebtables nat PREROUTING chain (prio=NF_BR_PRI_NAT_SRC). ebt INPUT | | ebt

Hi, I found this block of code in br_dev_queue_xmit() @ br_forward.c, after applying 'netfilter' patch for 2.4.21 kernel Can someone explain what this block of code is doin? #ifdef CONFIG_NETFILTER if (skb->nf_bridge) memcpy(skb->data - 16, skb->nf_bridge->hh, 16); #endif 1. What is 16 bytes here...? Ethernet hdr is just 14 bytes 2. Why the ethernet

Hi! The Netfilter project presents: ebtables 2.0.11 ebtables is the userspace command line program used to configure the Linux 2.4.x and bridge packet filtering ruleset. It is targeted towards system administrators. NOTE: This is a release of legacy software. Patches may still be accepted and pushed out to the git repository, which will remain active and accessible as usual although

Hi all, The patch below does four trivial changes and one big change Trivial changes, these are all in br_netfilter.c: - check ar_pln==4 when giving bridged ARP packets to arptables - delete unnecessary if in br_nf_local_in - add more logging for the "Argh" message - add some brag-comments in the file head comment Big change: let {ip,arp}tables see VLAN tagged {I,AR}P packets. This

Hi, At http://sourceforge.net/projects/ebtables/ you can find the following new releases: ebtables-brnf-3-vs-2.4.22 Changes: - let iptables see VLAN tagged IP traffic - bugfix for queued packets that get mangled in userspace - ebt_among module (Grzegorz Borowiak) - ebt_limit module (Tom Marshall) The patch compiles but I've done no further tests, but I probably didn't screw up.

Hi Dave, Please apply this compiler warning fix from Randy. Signed-off-by: Bart De Schuymer <bdschuym@telenet.be> Signed-off-by: Randy Dunlap <rddunlap@osdl.org> diff -Naurp ./net/bridge/netfilter/ebt_ulog.c~brnetf_types ./net/bridge/netfilter/ebt_ulog.c --- ./net/bridge/netfilter/ebt_ulog.c~brnetf_types 2005-01-10 10:38:40.531343592 -0800 +++ ./net/bridge/netfilter/ebt_ulog.c

I would like to set up an ACL for an ethernet port using ebtables rules, and if a security violation occurs, to physically disable the port (i.e. whatever "ifconfig down" does). I did not see such a feature in the ebtables man page. Does this exist anywhere, or do I have to create a new extension for it? -- Dan Eble <dane@aiinet.com> _____ . | _

https://bugzilla.netfilter.org/show_bug.cgi?id=1432 Bug ID: 1432 Summary: ebtables ebtables-2.0.11 buffer overflow on getting kernel data ( ebtables compiled with address sanitizer) Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status:

https://bugzilla.netfilter.org/show_bug.cgi?id=1481 Bug ID: 1481 Summary: [ebtables-nft] ebtables -E gives error Product: iptables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: iptables Assignee:

An earlier variant of your patch was applied already, included below. You'll need to submit the newer parts relative to the current tree. diff-tree 7ad4d2f6901437ba4717a26d395a73ea362d25c6 (from b8282dcf0417bbc8a0786c129fdff9cc768f8f3c) Author: Jayachandran C <c.jayachandran@gmail.com> Date: Tue Apr 11 17:25:38 2006 -0700 [BRIDGE] ebtables: fix allocation in

https://bugzilla.netfilter.org/show_bug.cgi?id=1723 Bug ID: 1723 Summary: ebtables-nft help output woes Product: ebtables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: ebtables-nft Assignee: pablo at netfilter.org

Add a new constant ETH_P_802_3_MIN, the minimum ethernet type for an 802.3 frame. Frames with a lower value in the ethernet type field are Ethernet II. Also update all the users of this value that David Miller and I could find to use the new constant. Also correct a bug in util.c. The comparison with ETH_P_802_3_MIN should be >= not >. As suggested by Jesse Gross. Compile tested only.

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> [ Upstream commit a7ed3465daa240bdf01a5420f64336fee879c09d ] When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> [ Upstream commit a7ed3465daa240bdf01a5420f64336fee879c09d ] When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> [ Upstream commit a7ed3465daa240bdf01a5420f64336fee879c09d ] When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> [ Upstream commit a7ed3465daa240bdf01a5420f64336fee879c09d ] When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> [ Upstream commit a7ed3465daa240bdf01a5420f64336fee879c09d ] When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> [ Upstream commit a7ed3465daa240bdf01a5420f64336fee879c09d ] When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to ?__read_overflow2_field? declared with attribute warning: detected read beyond

Hi bridge list: Bart de Schuymer suggested that this question might be better placed on this list rather than in the ebtables area. So here it is : ================================================================= Hi listers: I am a relative Penquin Newcomer, and I am (therefore?) encountering problems trying to setup a simple bridge/firewall between two vlans sharing portions of the same