* [LARTC] Using iptables level7/ipp2p match in a bridge
@ 2006-12-29  1:20 Ming-Ching Tiew
  2006-12-29  1:31 ` Grant Taylor
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Ming-Ching Tiew @ 2006-12-29  1:20 UTC (permalink / raw)
  To: lartc


Subject almost says it all, I wonder if there is a way for me
to use iptables matches like l7 and/or ipp2p match in a 
bridge ( one ethernet in and one ethernet out ) ?

Regards.



_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


* Re: [LARTC] Using iptables level7/ipp2p match in a bridge
  2006-12-29  1:20 [LARTC] Using iptables level7/ipp2p match in a bridge Ming-Ching Tiew
@ 2006-12-29  1:31 ` Grant Taylor
  2006-12-29  2:04 ` Ming-Ching Tiew
  2007-01-09  2:28 ` Grant Taylor
  2 siblings, 0 replies; 4+ messages in thread
From: Grant Taylor @ 2006-12-29  1:31 UTC (permalink / raw)
  To: lartc

Ming-Ching Tiew wrote:
> Subject almost says it all, I wonder if there is a way for me
> to use iptables matches like l7 and/or ipp2p match in a 
> bridge ( one ethernet in and one ethernet out ) ?

Yes there is.  Read my previous post 
(http://mailman.ds9a.nl/pipermail/lartc/2006q4/019935.html) for more 
information.  In short, what you want to do is enable IPTables (layer 3 
and up) to be able to operate on bridged (layer 2) traffic.  "Bridged 
IP/ARP packets filtering" will allow you to do exactly what you are 
wanting to do.



Grant. . . .

* Re: [LARTC] Using iptables level7/ipp2p match in a bridge
  2006-12-29  1:20 [LARTC] Using iptables level7/ipp2p match in a bridge Ming-Ching Tiew
  2006-12-29  1:31 ` Grant Taylor
@ 2006-12-29  2:04 ` Ming-Ching Tiew
  2007-01-09  2:28 ` Grant Taylor
  2 siblings, 0 replies; 4+ messages in thread
From: Ming-Ching Tiew @ 2006-12-29  2:04 UTC (permalink / raw)
  To: lartc


From: "Grant Taylor" <gtaylor@riverviewtech.net>
> 
> Yes there is.  Read my previous post 
> (http://mailman.ds9a.nl/pipermail/lartc/2006q4/019935.html) for more 
> information.  In short, what you want to do is enable IPTables (layer 3 
> and up) to be able to operate on bridged (layer 2) traffic.  "Bridged 
> IP/ARP packets filtering" will allow you to do exactly what you are 
> wanting to do.
> 

Thank you for a reply which comes in so useful. I would like to get into
a bit more detail. Assuming I have already enabled the kernel options, 
do you mean if I want to mark ipp2p traffic, I will do something like this :-

       iptables -t mangle -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 6

If I set more options such as "-i eth0 -o eth1" will I be able to capture 
the traffic more particularly?

Regards




* Re: [LARTC] Using iptables level7/ipp2p match in a bridge
  2006-12-29  1:20 [LARTC] Using iptables level7/ipp2p match in a bridge Ming-Ching Tiew
  2006-12-29  1:31 ` Grant Taylor
  2006-12-29  2:04 ` Ming-Ching Tiew
@ 2007-01-09  2:28 ` Grant Taylor
  2 siblings, 0 replies; 4+ messages in thread
From: Grant Taylor @ 2007-01-09  2:28 UTC (permalink / raw)
  To: lartc

On 12/28/06 20:04, Ming-Ching Tiew wrote:
> Thank you for a reply which comes in so useful. I would like to get into
> a bit more detail. Assuming I have already enabled the kernel options, 
> do you mean if I want to mark ipp2p traffic, I will do something like this :-

You are welcome.

>        iptables -t mangle -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 6

Yes, with "Bridged IP/ARP packets filtering" you can do that.

> If I set more options such as "-i eth0 -o eth1" will I be able to capture 
> the traffic more particularly?

In short yes.  "Bridged IP/ARP packets filtering" allows IPTables to see 
bridged traffic.  This means that any filtering you can do with IPTables 
can now be done on bridged traffic.




Grant. . . .
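
An added example, not part of the thread: a dry-run script that checks whether the bridge-netfilter hook is actually handing bridged frames to iptables and prints per-port mark rules for the ipp2p match discussed above. The port names eth0/eth1 and mark 6 come from the question; the helper names are hypothetical, and the physdev match is used because on bridged frames -i/-o match the bridge device rather than its ports.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.

# Print "on", "off" or "absent" for the hook that passes bridged IPv4 frames
# to iptables. $1 optionally overrides the sysctl directory (for testing).
bridge_nf_state() {
    f="${1:-/proc/sys/net/bridge}/bridge-nf-call-iptables"
    [ -r "$f" ] || { echo absent; return 0; }
    if [ "$(cat "$f")" = "1" ]; then echo on; else echo off; fi
}

# Build the mark rule for one direction across the bridge.
# $1 = ingress bridge port, $2 = egress bridge port, $3 = mark value.
# MARK is only valid in the mangle table; --physdev-is-bridged limits the
# rule to frames that are bridged rather than routed.
mark_rule() {
    printf '%s %s\n' \
        "iptables -t mangle -A FORWARD -m physdev --physdev-is-bridged" \
        "--physdev-in $1 --physdev-out $2 -m ipp2p --ipp2p -j MARK --set-mark $3"
}

# Print the hook state and the rules for both directions (nothing is applied).
plan() {
    state=$(bridge_nf_state "$1")
    echo "# bridge-nf-call-iptables: $state"
    [ "$state" = on ] || echo "# hook not enabled: rules will not see bridged traffic"
    mark_rule eth0 eth1 6
    mark_rule eth1 eth0 6
}

plan "${1:-}"
```

Review the printed rules, then pipe the output to a root shell to apply them.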