Diffstat (limited to 'docs/arptables-faq.html')
1 files changed, 56 insertions, 0 deletions
diff --git a/docs/arptables-faq.html b/docs/arptables-faq.html
new file mode 100644
@@ -0,0 +1,56 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+ <TITLE>Arptables Frequently Asked Questions</TITLE>
+ <LINK rel="SHORTCUT ICON" href="">
+ <LINK rel="STYLESHEET" type="text/css" href="brnf.css">
+ <META name="description" content="Arptables Frequently Asked Questions">
+ <META name="author" content="Bart De Schuymer">
+ <META name="keywords" content="Linux, netfilter, firewall, bridge, arptables">
+ <META name="keywords" content="FAQ, kernel, arptables, chains, rules, tables">
+ <DIV class="banner" align="center">
+ <H1>Arptables Frequently (and less frequently) Asked Questions</H1>
+ <A name="top"></A>
+ <P>Last modified: December 30, 2003</P>
+Why does arptables have 2 chains on a 2.4 kernel and 3 chains
+on a 2.6 kernel?
+The 2.4 kernel doesn't have the arptables FORWARD chain as 2.4
+kernels can't filter bridged ARP traffic.
+When is the bridged ARP traffic seen by arptables?
+The artables FORWARD chain sees all ARP packets that are being
+bridged, it sees no other traffic.
+What about ARP packets that arrive through a bridge port and
+are delivered to the bridge's local ARP stack?
+They are seen in the arptables INPUT chain and have as input
+device the logical bridge device, unless you broute them
+using ebtables. Brouted packets will have the physical bridge
+port as input device.
+What about locally generated ARP packets that leave the bridge
+through a logical bridge device?
+They are seen in the arptables OUTPUT chain and have as output
+device the logical bridge device.
+ <A class=navbar href="#top">[Back to the top]</A>
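Review bot: The second answer misspells the tool name as "artables" in "The artables FORWARD chain"; it should read "The arptables FORWARD chain", matching every other mention in the file. The same sentence is a comma splice ("...being bridged, it sees no other traffic") and reads better split in two or joined with "and". In the head, the SHORTCUT ICON link has an empty href (href=""), which a browser resolves to the document's own URL; point it at a real icon file or drop the line. The two META keywords elements can be merged into one, and class=navbar on the last line should be quoted like the other attribute values in this file.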