All of lore.kernel.org
 help / color / mirror / Atom feed
* ebtables VLAN filtering
@ 2011-02-07  1:43 Jonathan Tripathy
  2011-02-07  4:43 ` Grant Taylor
  2011-02-07  9:24 ` Pascal Hambourg
  0 siblings, 2 replies; 3+ messages in thread
From: Jonathan Tripathy @ 2011-02-07  1:43 UTC (permalink / raw)
  To: netfilter

Hi Everyone,

With ebtables, is it possible to filter via the VLAN interface (e.g. 
eth0.3 for VLAN3) using the normal -i and -o parameters? I'd like to 
filter via the interface rather than using the tag with --vlan-id if 
possible

Thanks

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: ebtables VLAN filtering
  2011-02-07  1:43 ebtables VLAN filtering Jonathan Tripathy
@ 2011-02-07  4:43 ` Grant Taylor
  2011-02-07  9:24 ` Pascal Hambourg
  1 sibling, 0 replies; 3+ messages in thread
From: Grant Taylor @ 2011-02-07  4:43 UTC (permalink / raw)
  To: Mail List - Netfilter

On 2/6/2011 7:43 PM, Jonathan Tripathy wrote:
> With ebtables, is it possible to filter via the VLAN interface (e.g.
> eth0.3 for VLAN3) using the normal -i and -o parameters? I'd like to
> filter via the interface rather than using the tag with --vlan-id if
> possible

Yes it is.

(I am currently doing exactly that on a system with 30+ VLAN interfaces.)

It is my (mis)understanding that the --vlan-id is used to match traffic 
to/from a specific tagged VLAN on the /raw/ interface.  (I don't know 
for sure b/c I never match on the raw interface.  I always use the VLAN 
sub-interface.)



Grant. . . .

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: ebtables VLAN filtering
  2011-02-07  1:43 ebtables VLAN filtering Jonathan Tripathy
  2011-02-07  4:43 ` Grant Taylor
@ 2011-02-07  9:24 ` Pascal Hambourg
  1 sibling, 0 replies; 3+ messages in thread
From: Pascal Hambourg @ 2011-02-07  9:24 UTC (permalink / raw)
  To: netfilter

Hello,

Jonathan Tripathy a écrit :
> 
> With ebtables, is it possible to filter via the VLAN interface (e.g. 
> eth0.3 for VLAN3) using the normal -i and -o parameters? I'd like to 
> filter via the interface rather than using the tag with --vlan-id if 
> possible

It depends whether you added the raw interface eth0 or the VLAN
interface eth0.3 to the bridge. If you added the raw interface eth0,
then the bridge and ebtables should see tagged frames in all VLANs
from/to eth0. If you added the VLAN interface eth0.3, then the bridge
and ebtables should see untagged frames in VLAN 3 from/to eth0.3.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-02-07  9:24 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-02-07  1:43 ebtables VLAN filtering Jonathan Tripathy
2011-02-07  4:43 ` Grant Taylor
2011-02-07  9:24 ` Pascal Hambourg

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.