+ <DIV class="banner" align="center">
+ <H1>Arptables Frequently (and less frequently) Asked Questions</H1>
+ </DIV>
+ <A name="top"></A>
Last modified: December 30, 2003
+ <DL>
+ <DT>
+Why does arptables have 2 chains on a 2.4 kernel and 3 chains
+on a 2.6 kernel?
+ </DT>
+ <DD>
+The 2.4 kernel doesn't have the arptables FORWARD chain as 2.4
+kernels can't filter bridged ARP traffic.
+ </DD>
+ <DT>
+When is the bridged ARP traffic seen by arptables?
+ </DT>
+ <DD>
+The artables FORWARD chain sees all ARP packets that are being
+bridged, it sees no other traffic.
+ </DD>
+ <DT>
+What about ARP packets that arrive through a bridge port and
+are delivered to the bridge's local ARP stack?
+ </DT>
+ <DD>
+They are seen in the arptables INPUT chain and have as input
+device the logical bridge device, unless you broute them
+using ebtables. Brouted packets will have the physical bridge
+port as input device.
+ </DD>
+ <DT>
+What about locally generated ARP packets that leave the bridge
+through a logical bridge device?
+ </DT>
+ <DD>
+They are seen in the arptables OUTPUT chain and have as output
+device the logical bridge device.
+ </DD>
+ </DL>
