| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
| <HTML> |
| <HEAD> |
| <TITLE>Arptables Frequently Asked Questions</TITLE> |
| <LINK rel="SHORTCUT ICON" href=""> |
| <LINK rel="STYLESHEET" type="text/css" href="brnf.css"> |
| <META name="description" content="Arptables Frequently Asked Questions"> |
| <META name="author" content="Bart De Schuymer"> |
| <META name="keywords" content="Linux, netfilter, firewall, bridge, arptables"> |
| <META name="keywords" content="FAQ, kernel, arptables, chains, rules, tables"> |
| </HEAD> |
| <BODY> |
| <DIV class="banner" align="center"> |
| <H1>Arptables Frequently (and less frequently) Asked Questions</H1> |
| </DIV> |
| <A name="top"></A> |
| <P>Last modified: December 30, 2003</P> |
| <DL> |
| <DT> |
| Why does arptables have 2 chains on a 2.4 kernel and 3 chains |
| on a 2.6 kernel? |
| </DT> |
| <DD> |
| The 2.4 kernel doesn't have the arptables FORWARD chain because 2.4 |
| kernels can't filter bridged ARP traffic. |
| </DD> |
| <DT> |
| When is the bridged ARP traffic seen by arptables? |
| </DT> |
| <DD> |
| The arptables FORWARD chain sees all ARP packets that are being |
| bridged; it sees no other traffic. |
| </DD> |
| <DT> |
| What about ARP packets that arrive through a bridge port and |
| are delivered to the bridge's local ARP stack? |
| </DT> |
| <DD> |
| They are seen in the arptables INPUT chain with the logical bridge |
| device as input device, unless you broute them using ebtables. |
| Brouted packets have the physical bridge port as input device. |
| </DD> |
| <DT> |
| What about locally generated ARP packets that leave the bridge |
| through a logical bridge device? |
| </DT> |
| <DD> |
| They are seen in the arptables OUTPUT chain with the logical bridge |
| device as output device. |
| </DD> |
| </DL> |
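<P>An added example, not part of the original FAQ: a shell script that places rules in each chain described above, accepting ARP that claims a gateway's IP address only from the gateway's MAC address. The bridge name, the addresses, the function names and the ARPTABLES dry-run variable are assumptions made for this example.</P>

```shell
#!/bin/sh
# Added example, not from the original FAQ.
# Dry run by default (commands are printed). To apply the rules, run as root
# with ARPTABLES=arptables. All names and addresses below are constructed.
ARPTABLES="${ARPTABLES:-echo arptables}"

# pin_gateway CHAIN IFOPT IP MAC
# IFOPT is an interface match such as "-i br0", or "" for none.
pin_gateway() {
    chain=$1; ifopt=$2; ip=$3; mac=$4
    # Accept ARP claiming the gateway IP only when it carries the gateway MAC,
    $ARPTABLES -A "$chain" $ifopt -s "$ip" --source-mac "$mac" -j ACCEPT
    # and drop everything else in this chain that claims the same IP.
    $ARPTABLES -A "$chain" $ifopt -s "$ip" -j DROP
}

# bridge_arp_rules BRIDGE GW_IP GW_MAC HAS_FORWARD
# HAS_FORWARD is "yes" on a 2.6 kernel and "no" on a 2.4 kernel.
bridge_arp_rules() {
    br=$1; ip=$2; mac=$3; fwd=${4:-yes}

    # INPUT: ARP delivered to the bridge's local ARP stack has the logical
    # bridge device as input device. Packets brouted with ebtables have the
    # physical port as input device, so "-i $br" does not match them.
    pin_gateway INPUT "-i $br" "$ip" "$mac"

    # FORWARD: sees only bridged ARP, so no interface match is needed.
    # The chain does not exist on 2.4 kernels.
    if [ "$fwd" = yes ]; then
        pin_gateway FORWARD "" "$ip" "$mac"
    fi

    # OUTPUT: locally generated ARP leaves through the logical bridge device.
    # Assumption: this host is not the gateway, so it never claims its IP.
    $ARPTABLES -A OUTPUT -o "$br" -s "$ip" -j DROP
}

# Constructed sample values: documentation IP and MAC ranges.
bridge_arp_rules br0 192.0.2.1 00:00:5e:00:53:01 yes
```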
| <HR> |
| </BODY> |
| </HTML> |