* nftables equivalent for ebtables BROUTING trick?
@ 2017-10-10 16:55 Deposite Pirate
  0 siblings, 0 replies; only message in thread
From: Deposite Pirate @ 2017-10-10 16:55 UTC (permalink / raw)
  To: netfilter

Hi,

I would like to use nftables instead of {eb,ip,ip6,arp}tables on my router,
but I'm not sure it's possible to do a "trick" ebtables can do with the
BROUTING hook. I did a search engine query for "nftables BROUTING" but not
much came up that deals with the problem. I also tried to translate the
ebtables rule to nftables but that didn't work either. What I'm trying to
do with nftables is to drop all non-IPv6 traffic to the underlying bridged
interfaces. With ebtables you can do:

ebtables -t broute -A BROUTING -p ! ipv6 -j DROP

The non-IPv6 traffic won't really be discarded but will be routed to the
underlying interfaces. This allows having NAT'ed IPv4 as usual and a
bridge for IPv6. No need for hacks to proxy NDP traffic from the upstream
ISP router with this setup. nftables doesn't seem to be able to use the
BROUTING hook. But perhaps there's another way to achieve the same thing?

Regards,
