From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
To: Jonathan Tripathy <jonnyt@abpni.co.uk>
Cc: Jan Engelhardt <jengelh@medozas.de>, netfilter@vger.kernel.org
Subject: Re: Bridges
Date: Thu, 19 Aug 2010 01:05:21 +0200 [thread overview]
Message-ID: <4C6C6731.50401@plouf.fr.eu.org> (raw)
In-Reply-To: <4C6C63EF.7060305@abpni.co.uk>
Jonathan Tripathy a écrit :
>>>> Sorry, I used a bad choice of words - Would ebtables stop the frame reaching
>>>> the remote host (VM in my case) is what I meant to say:)
>>> No. The two bridges are not connected to another in the first place,
>>> so the only way for a packet to come in on br0 and go out on br1 is
>>> routing, for which iptables is needed to filter.
>
> But even without iptables, traffic coudn't cross without a router in the
> middle, right?
Remember that Linux itself can act as a router.
> BTW, my post above wasn't really related to having 2 bridges, but more
> of the "dumb hub" situation.
I think Jan misunderstood your question which was
> Incidentally, would using ebtables rules prevent the bridge from
> going into "dumb hub" mode? Like let's say I said that "all traffic
> leaving this interface must have this destination MAC address".
IIUC your question, yes, ebtables could do that. But beware when doing
this, you could easily break very useful things such as ARP resolution
(which uses broadcast) or IPv6 neighbour discovery (which uses multicast).
next prev parent reply other threads:[~2010-08-18 23:05 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-17 22:44 Bridges Jonathan Tripathy
2010-08-17 22:56 ` Bridges Jan Engelhardt
2010-08-17 23:34 ` Bridges Stephen Hemminger
2010-08-18 11:27 ` Bridges Thomas Jacob
2010-08-18 19:51 ` Bridges Jonathan Tripathy
2010-08-18 21:51 ` Bridges Grant Taylor
2010-08-18 21:57 ` Bridges Jonathan Tripathy
2010-08-18 22:08 ` Bridges Grant Taylor
2010-08-18 22:15 ` Bridges Jonathan Tripathy
2010-08-18 22:26 ` Bridges Jan Engelhardt
2010-08-18 22:51 ` Bridges Jonathan Tripathy
2010-08-18 23:05 ` Pascal Hambourg [this message]
2010-08-18 23:07 ` Bridges Jonathan Tripathy
2010-08-18 23:21 ` Bridges Pascal Hambourg
2010-08-18 23:23 ` Bridges Jonathan Tripathy
2010-08-18 23:45 ` Bridges Jonathan Tripathy
2010-08-19 7:26 ` Bridges Pascal Hambourg
2010-08-19 18:47 ` Bridges Jonathan Tripathy
2010-08-19 19:26 ` Bridges Pascal Hambourg
2010-08-19 19:37 ` Bridges Jonathan Tripathy
2010-08-19 20:00 ` Bridges Jan Engelhardt
2010-08-19 20:11 ` Bridges Jonathan Tripathy
2010-08-19 21:14 ` Bridges Pascal Hambourg
2010-08-19 21:24 ` Bridges Jonathan Tripathy
2010-08-19 22:04 ` Bridges Pascal Hambourg
2010-08-19 22:53 ` Bridges Jonathan Tripathy
2010-08-20 8:53 ` Bridges Pascal Hambourg
2010-08-21 21:46 ` Bridges Jonathan Tripathy
2010-08-21 23:25 ` Bridges Jan Engelhardt
[not found] ` <4C70E853.6050107@abpni.co .uk>
2010-08-22 9:05 ` Bridges Jonathan Tripathy
2010-08-22 9:09 ` Bridges Jan Engelhardt
[not found] ` <4C70E 9A2.3040907@abpni.co.uk>
2010-08-22 9:10 ` Bridges Jonathan Tripathy
2010-08-22 21:02 ` Bridges Pascal Hambourg
[not found] ` <4C7194 D3.7070803@abpni.co.uk>
2010-08-22 21:21 ` Bridges Jonathan Tripathy
2010-08-23 8:22 ` Bridges Pascal Hambourg
2010-08-23 20:18 ` Bridges Jonathan Tripathy
2010-08-24 8:57 ` Bridges Karel Rericha
2010-08-24 14:44 ` Bridges Pascal Hambourg
2010-08-24 17:37 ` Bridges Jonathan Tripathy
2010-08-24 18:07 ` Bridges Pascal Hambourg
2010-08-24 18:34 ` Bridges Jonathan Tripathy
2010-08-24 22:20 ` Bridges Pascal Hambourg
2010-08-20 8:38 ` Bridges Jan Engelhardt
2010-08-20 9:05 ` Bridges Pascal Hambourg
2010-08-20 9:09 ` Bridges Jan Engelhardt
2010-08-20 10:26 ` Bridges Pascal Hambourg
2010-08-20 16:02 ` Bridges Grant Taylor
2010-08-20 16:18 ` Bridges Jan Engelhardt
2010-08-20 16:25 ` Bridges Grant Taylor
2010-08-20 16:32 ` Bridges Jan Engelhardt
2010-08-21 12:48 ` Bridges Pascal Hambourg
2010-08-21 21:44 ` Bridges Grant Taylor
2010-08-19 19:28 ` Bridges Jan Engelhardt
2010-08-18 22:59 ` Bridges Pascal Hambourg
2010-08-18 23:00 ` Bridges Jonathan Tripathy
2010-08-18 23:11 ` Bridges Pascal Hambourg
2010-08-19 8:29 ` Bridges Jan Engelhardt
2010-08-19 9:16 ` Bridges Pascal Hambourg
2010-08-19 3:52 ` Bridges Grant Taylor
2010-08-19 7:33 ` Bridges Pascal Hambourg
2010-08-19 14:51 ` Bridges Grant Taylor
2010-08-19 14:56 ` Bridges Jan Engelhardt
2010-08-19 15:49 ` Bridges Grant Taylor
2010-08-19 16:21 ` Bridges Jan Engelhardt
2010-08-19 16:41 ` Bridges Grant Taylor
2010-08-19 17:10 ` Bridges Jan Engelhardt
2010-08-19 18:36 ` Bridges Grant Taylor
2010-08-19 17:10 ` Bridges Rick Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C6C6731.50401@plouf.fr.eu.org \
--to=pascal.mail@plouf.fr.eu.org \
--cc=jengelh@medozas.de \
--cc=jonnyt@abpni.co.uk \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox