From 048119030721d37e1dae72302a5fd33c99ba4fe2 Mon Sep 17 00:00:00 2001
From: Bart De Schuymer <bdschuym@pandora.be>
Date: Sun, 3 Nov 2002 16:11:28 +0000
Subject: Add physdev comments

---
 docs/br_fw_ia/br_fw_ia.html | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'docs')

diff --git a/docs/br_fw_ia/br_fw_ia.html b/docs/br_fw_ia/br_fw_ia.html
index 3773001..7bb5887 100644
--- a/docs/br_fw_ia/br_fw_ia.html
+++ b/docs/br_fw_ia/br_fw_ia.html
@@ -54,6 +54,9 @@
         <A HREF="#section9">Using the MAC module extension for
         <EM>iptables</EM></A>
       </LI>
+      <LI>
+        <A HREF="#section10">Using the <EM>iptables</EM> physdev match module for kernel 2.5</A>
+      </LI>
     </OL>
     <A NAME="section1"></A>
     <P CLASS="section">
@@ -608,6 +611,16 @@ echo '1' &gt; /proc/sys/net/ipv4/ip_forward
       pressured enough I could hack something up to make this
       unpleasant side effect go away.
     </P>
+    <A NAME="section10"></A>
+    <P CLASS="section">
+      10. Using the <EM>iptables</EM> physdev match module for kernel 2.5
+    </P>
+      The 2.5 standard kernel contains an <EM>iptables</EM> match module
+      called <EM>physdev</EM> which has to be used to match the bridge's
+      physical in and out ports. Its usage is simple:
+      <PRE>iptables -m physdev --physdev-in &lt;bridge-port&gt;</PRE>
+      and
+      <PRE>iptables -m physdev --physdev-out &lt;bridge-port&gt;</PRE>
     <HR>
 <PRE>
 Released under the GNU Free Documentation License.
-- 
cgit v1.2.3