From: "Nikolay S." <nowhere@hakkenden.ath.cx>
To: bmcdowell@coxhealthplans.com
Cc: netfilter@vger.kernel.org
Subject: RE: ipv6 link local address
Date: Tue, 07 Jun 2011 18:32:56 +0400
Message-ID: <1307457176.23737.12.camel@hakkenden>
In-Reply-To: <92A9C99A1E5FF14F8538DDEE14996A52033898@chp-exg.coxhp.com>

On Tue, 07/06/2011 at 14:26 +0000, bmcdowell@coxhealthplans.com wrote:
> I'm sorry, but that didn't parse.
> 
> I won't, what?
> 
> Skb's?

Ability to filter bridged frames with ip6tables :)

> 
> 
> Bob McDowell
> Network/Security Engineer 
> Cox HealthPlans 
> 
> -----Original Message-----
> From: Nikolay S. [mailto:nowhere@hakkenden.ath.cx] 
> Sent: Tuesday, June 07, 2011 9:24 AM
> To: Bob McDowell
> Cc: netfilter@vger.kernel.org
> Subject: RE: ipv6 link local address
> 
> On Tue, 07/06/2011 at 12:44 +0000, bmcdowell@coxhealthplans.com wrote:
> > Please understand that I do want to be able to use ip6tables to filter forwarded traffic.  I just do not want the interfaces speaking to anyone while they're doing their job.
> > 
> > Perhaps this example can explain it better than I have:  http://www.sjdjweis.com/linux/bridging/
> > 
> > 
> > Thanks again.
> > 
> 
> You won't. skb's are passed to ip6tables from bridge based on ipv6-
> header, not the state of the protocol on slave device. And bridge itself
> does not filter incoming frames by L3-header.
> 
> > 
> > Bob McDowell
> > Network/Security Engineer 
> > Cox HealthPlans 
> > 
> > 
> > -----Original Message-----
> > From: Nikolay S. [mailto:nowhere@hakkenden.ath.cx] 
> > Sent: Tuesday, June 07, 2011 1:44 AM
> > To: Bob McDowell
> > Cc: netfilter@vger.kernel.org
> > Subject: Re: ipv6 link local address
> > 
> > 
> > You can turn off ipv6 on interfaces. This should not prevent bridging
> > ipv6, but will remove any ipv6 logic from them.
> > 
> > 
> 
> 


