Re: [Xen-devel] [PATCH] vif-common.sh prevent physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore
On Wed, Nov 10, 2010 at 2:37 AM, Sander Eikelenboom <linux@xxxxxxxxxxxxxx> wrote:
> Hello Ian,
>
> Tuesday, November 9, 2010, 7:32:00 PM, you wrote:
>
>> Sander Eikelenboom writes ("Re: [Xen-devel] [PATCH] vif-common.sh prevent
>> physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING
>> chains for non-bridged traffic is not supported anymore"):
>>> Good point, although I don't have a config with an old enough
>>> iptables/kernel to test what happens in that case ..
>
> this
> http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=30596a5e7ae8c518a8a0bbf3aa891728e9f9ec1b
> commit already seems to have the option
> it's from 2003...
>
>
>> On lenny:
>
>> $ iptables --physdev-is-bridged
>> iptables v1.4.2: Unknown arg `(null)'
>> Try `iptables -h' or 'iptables --help' for more information.
>> $
>
>> What I want to know, though, is what happens if you have a new
>> iptables and an old kernel.
>
>> Ian.

Hi Ian,

Usage as below, which shows support for CentOS 4 and CentOS 5:

# /sbin/iptables -m physdev --help|grep 'physdev-is-bridged'
 [!] --physdev-is-bridged       it's a bridged packet
# /sbin/iptables -m physdev --help
iptables v1.2.11

Usage: iptables -[AD] chain rule-specification [options]
       iptables -[RI] chain rulenum rule-specification [options]
       iptables -D chain rulenum [options]
       iptables -[LFZ] [chain] [options]
       iptables -[NX] chain
       iptables -E old-chain-name new-chain-name
       iptables -P chain target [options]
       iptables -h (print this help information)

Commands:
Either long or short options are allowed.
  --append  -A chain            Append to chain
  --delete  -D chain            Delete matching rule from chain
  --delete  -D chain rulenum    Delete rule rulenum (1 = first) from chain
  --insert  -I chain [rulenum]  Insert in chain as rulenum (default 1=first)
  --replace -R chain rulenum    Replace rule rulenum (1 = first) in chain
  --list    -L [chain]          List the rules in a chain or all chains
  --flush   -F [chain]          Delete all rules in chain or all chains
  --zero    -Z [chain]          Zero counters in chain or all chains
  --new     -N chain            Create a new user-defined chain
  --delete-chain -X [chain]     Delete a user-defined chain
  --policy  -P chain target     Change policy on chain to target
  --rename-chain -E old-chain new-chain
                                Change chain name, (moving any references)
Options:
  --proto       -p [!] proto    protocol: by number or name, eg. `tcp'
  --source      -s [!] address[/mask]
                                source specification
  --destination -d [!] address[/mask]
                                destination specification
  --in-interface -i [!] input name[+]
                                network interface name ([+] for wildcard)
  --jump        -j target       target for rule (may load target extension)
  --match       -m match        extended match (may load extension)
  --numeric     -n              numeric output of addresses and ports
  --out-interface -o [!] output name[+]
                                network interface name ([+] for wildcard)
  --table       -t table        table to manipulate (default: `filter')
  --verbose     -v              verbose mode
  --line-numbers                print line numbers when listing
  --exact       -x              expand numbers (display exact values)
[!] --fragment  -f              match second or further fragments only
  --modprobe=<command>          try to insert modules using this command
  --set-counters PKTS BYTES     set the counter during insert/append
[!] --version   -V              print package version.

physdev v1.2.11 options:
 --physdev-in [!] input name[+]         bridge port name ([+] for wildcard)
 --physdev-out [!] output name[+]       bridge port name ([+] for wildcard)
 [!] --physdev-is-in                    arrived on a bridge device
 [!] --physdev-is-out                   will leave on a bridge device
 [!] --physdev-is-bridged               it's a bridged packet

Thanks.

Kindest regards,
Giam Teck Choon

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
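
Added example, not part of the original message or of vif-common.sh: a shell sketch that turns the help-output check shown in the message into a reusable probe and uses the result to decide whether a physdev rule gets --physdev-is-bridged. The function names and the rule layout are assumptions. The probe only inspects the userspace extension, so it does not settle the new-iptables-on-old-kernel case raised in the thread.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not taken from vif-common.sh).

# Return 0 if the help text on stdin lists --physdev-is-bridged.
# Reading stdin keeps the check testable without iptables or root.
help_lists_is_bridged() {
    grep -qF -e '--physdev-is-bridged'
}

# Probe the installed iptables binary. This covers the userspace physdev
# extension only; an older kernel may still reject the rule, so the exit
# status of the real iptables call must be checked as well.
iptables_has_is_bridged() {
    iptables -m physdev --help 2>/dev/null | help_lists_is_bridged
}

# Print the physdev match arguments for one interface.
#   $1 = interface name (e.g. vif1.0)
#   $2 = "yes" if --physdev-is-bridged is available, anything else if not
# Names that are empty, start with '-' or contain characters outside
# [A-Za-z0-9._+-] are refused so they cannot be read as extra options.
physdev_match_args() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._+-]*) return 1 ;;
    esac
    if [ "$2" = yes ]; then
        printf '%s\n' "-m physdev --physdev-is-bridged --physdev-out $1"
    else
        printf '%s\n' "-m physdev --physdev-out $1"
    fi
}
```
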