docs/arptables-faq.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
	<TITLE>Arptables Frequently Asked Questions</TITLE>
	<LINK rel="SHORTCUT ICON" href="">
	<LINK rel="STYLESHEET" type="text/css" href="brnf.css">
	<META name="description" content="Arptables Frequently Asked Questions">
	<META name="author" content="Bart De Schuymer">
	<META name="keywords" content="Linux, netfilter, firewall, bridge, arptables">
	<META name="keywords" content="FAQ, kernel, arptables, chains, rules, tables">
</HEAD>
<BODY>
	<DIV class="banner" align="center">
		<H1>Arptables Frequently (and less frequently) Asked Questions</H1>
	</DIV>
	<A name="top"></A>
	<P>Last modified: December 30, 2003</P>
	<DL>
		<DT>
Why does arptables have 2 chains on a 2.4 kernel and 3 chains
on a 2.6 kernel?
		</DT>
		<DD>
The 2.4 kernel doesn't have the arptables FORWARD chain as 2.4
kernels can't filter bridged ARP traffic.
		</DD>
		<DT>
When is the bridged ARP traffic seen by arptables?
		</DT>
		<DD>
The arptables FORWARD chain sees all ARP packets that are being
bridged, it sees no other traffic.
		</DD>
		<DT>
What about ARP packets that arrive through a bridge port and
are delivered to the bridge's local ARP stack?
		</DT>
		<DD>
They are seen in the arptables INPUT chain and have as input
device the logical bridge device, unless you broute them
using ebtables. Brouted packets will have the physical bridge
port as input device.
		</DD>
		<DT>
What about locally generated ARP packets that leave the bridge
through a logical bridge device?
		</DT>
		<DD>
They are seen in the arptables OUTPUT chain and have as output
device the logical bridge device.
		</DD>
	</DL>
	<A class=navbar href="#top">[Back to the top]</A>
	<HR>
</BODY>
</HTML>