*** empty log message ***

1 files changed, 56 insertions, 0 deletions

diff --git a/docs/arptables-faq.html b/docs/arptables-faq.html
new file mode 100644
index 0000000..c1aaa8d
--- /dev/null
+++ b/docs/arptables-faq.html
@@ -0,0 +1,56 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML>
+<HEAD>
+	<TITLE>Arptables Frequently Asked Questions</TITLE>
+	<LINK rel="SHORTCUT ICON" href="">
+	<LINK rel="STYLESHEET" type="text/css" href="brnf.css">
+	<META name="description" content="Arptables Frequently Asked Questions">
+	<META name="author" content="Bart De Schuymer">
+	<META name="keywords" content="Linux, netfilter, firewall, bridge, arptables">
+	<META name="keywords" content="FAQ, kernel, arptables, chains, rules, tables">
+</HEAD>
+<BODY>
+	<DIV class="banner" align="center">
+		<H1>Arptables Frequently (and less frequently) Asked Questions</H1>
+	</DIV>
+	<A name="top"></A>
+	<P>Last modified: December 30, 2003</P>
+	<DL>
+		<DT>
+Why does arptables have 2 chains on a 2.4 kernel and 3 chains
+on a 2.6 kernel?
+		</DT>
+		<DD>
+The 2.4 kernel doesn't have the arptables FORWARD chain as 2.4
+kernels can't filter bridged ARP traffic.
+		</DD>
+		<DT>
+When is the bridged ARP traffic seen by arptables?
+		</DT>
+		<DD>
+The artables FORWARD chain sees all ARP packets that are being
+bridged, it sees no other traffic.
+		</DD>
+		<DT>
+What about ARP packets that arrive through a bridge port and
+are delivered to the bridge's local ARP stack?
+		</DT>
+		<DD>
+They are seen in the arptables INPUT chain and have as input
+device the logical bridge device, unless you broute them
+using ebtables. Brouted packets will have the physical bridge
+port as input device.
+		</DD>
+		<DT>
+What about locally generated ARP packets that leave the bridge
+through a logical bridge device?
+		</DT>
+		<DD>
+They are seen in the arptables OUTPUT chain and have as output
+device the logical bridge device.
+		</DD>
+	</DL>
+	<A class=navbar href="#top">[Back to the top]</A>
+	<HR>
+</BODY>
+</HTML>