Re: IP-less bridge as a martian source

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jarek Poplawski <jarkao2@gmail.com>
To: Ferenc Wagner <wferi@niif.hu>
Cc: netdev@vger.kernel.org
Subject: Re: IP-less bridge as a martian source
Date: Wed, 22 Oct 2008 19:36:08 +0200	[thread overview]
Message-ID: <48FF6488.8050109@gmail.com> (raw)
In-Reply-To: <48FF614C.7020507@gmail.com>

Jarek Poplawski wrote, On 10/22/2008 07:22 PM:

> Ferenc Wagner wrote, On 10/22/2008 05:00 PM:
> 
>> Ferenc Wagner <wferi@niif.hu> writes:
>>
>>> I expected an IP-less bridge interface to pick up no IP packets, but
>>> apparently this isn't the case: broadcast packets with destination
>>> address 255.255.255.255 are reported as martians by the 2.6.1

...

>>>   2. I tried to cut down the logs by explicit iptables drops, but
>>>      didn't succeed.  Does martian detection happen before the
>>>      netfilter rules?  (I know I can disable martian logging by
>>>      interface, but wanted finer granularity.)
> 
> 
> It's after netfilter's PREROUTING. (BTW, it's also after ingress
> qdisc where you can try some filtering.)


On the other hand, if it's a bridge, you should probably have a look
at ebtables instead of iptables.
 

Jarek P.

next prev parent reply	other threads:[~2008-10-22 17:35 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-10-21 12:06 IP-less bridge as a martian source Ferenc Wagner
2008-10-22 15:00 ` Ferenc Wagner
2008-10-22 17:22   ` Jarek Poplawski
2008-10-22 17:36     ` Jarek Poplawski [this message]
2008-10-22 19:10     ` Jarek Poplawski
2008-10-29 16:56       ` Ferenc Wagner
2008-10-31  8:41         ` Jarek Poplawski
2008-11-01 23:55           ` Ferenc Wagner
2008-11-05  9:43             ` Jarek Poplawski
2008-11-05 10:30               ` Ferenc Wagner
2008-11-05 11:26                 ` Ferenc Wagner
2008-11-06 10:00                 ` Jarek Poplawski
2008-11-06 12:00                   ` Ferenc Wagner
2008-11-06 13:15                     ` Jarek Poplawski
2008-11-06 14:31                       ` Ferenc Wagner
2008-11-07 10:19                         ` Jarek Poplawski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=48FF6488.8050109@gmail.com \
    --to=jarkao2@gmail.com \
    --cc=netdev@vger.kernel.org \
    --cc=wferi@niif.hu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.