All of lore.kernel.org
 help / color / mirror / Atom feed
From: zhengchuanbo <zhengcb@netpower.com.cn>
To: netfilter-devel@lists.netfilter.org
	<netfilter-devel@lists.netfilter.org>
Subject: how to filter tagged frames of different vlanid in one bridge?
Date: Wed, 8 Jan 2003 9:41:32 +0800	[thread overview]
Message-ID: <200301080937906.SM01092@zhengcb> (raw)

we use linux as our firewall. the firewall worked at bridge mode. it is connected to the trunk port of the switch. what we want to do is to filter the vlan tagged frames(802.1Q) by ip address.i tried two methods:
	
1.by ebtables
	ebtables can filter 802.1Q protocol. but it can not filter by ip address. it can only filter the ip address when the protocol is IPV4. i wish i could do the job by ebtables.
2.by bridge-nf patch and vconfig
	i can filter by ip address to certain tagged frames. i did it like this,
		/sbin/vconfig add eth0 2
		/sbin/vconfig add eth1 2
       	ifconfig eth0.2 up
		ifconfig eth1.2 up
		brctl addbr br0
		brctl addif eth0.2
		brctl addif eth1.2
	after i applied the patch bridge-nf,netfilter works for the vlan frames. the problem is we have many vlans(more than ten). so i have to build a bridge for all the vlans. 

	so what i want to do is to filter the tagged frames of differen vlans in the same bridge. i can't find a way to do that. is there some solution to that?	
	
thanks in advance. please cc.

regards,
chuanbo zheng
zhengcb@netpower.com.cn

                 reply	other threads:[~2003-01-08  1:41 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200301080937906.SM01092@zhengcb \
    --to=zhengcb@netpower.com.cn \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.