Last modified: December 30, 2003

Why does arptables have 2 chains on a 2.4 kernel and 3 chains on a 2.6 kernel?
The 2.4 kernel doesn't have the arptables FORWARD chain because 2.4 kernels can't filter bridged ARP traffic.
When is the bridged ARP traffic seen by arptables?
The arptables FORWARD chain sees all ARP packets that are being bridged; it sees no other traffic.
What about ARP packets that arrive through a bridge port and are delivered to the bridge's local ARP stack?
They are seen in the arptables INPUT chain and have as input device the logical bridge device, unless you broute them using ebtables. Brouted packets will have the physical bridge port as input device.
What about locally generated ARP packets that leave the bridge through a logical bridge device?
They are seen in the arptables OUTPUT chain and have as output device the logical bridge device.
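The following script is an added example, not part of the original FAQ, that puts the three answers above into one arptables ruleset for a 2.6 bridge: the FORWARD chain pins the host behind one bridge port to its known IP/MAC pair (so a spoofed ARP reply from that port is not bridged to the other side), INPUT and OUTPUT match on the logical bridge device, and an optional "broute" mode shows why brouted ARP needs its own INPUT rule matching the physical port. The bridge br0, the ports eth0/eth1 and the IP/MAC pair are constructed placeholders; by default the rules are printed rather than executed, and APPLY=1 runs them.

```shell
# Added example (not from the original FAQ). Bridge, ports and the IP/MAC
# pair are constructed placeholders for a 2.6 kernel with a bridge br0.
BRIDGE=br0
PORT=eth0
OTHER_PORT=eth1
HOST_IP=192.168.1.10            # constructed: the one host expected on eth0
HOST_MAC=00:11:22:33:44:55      # constructed: its known MAC address

# run: print each rule instead of executing it, so the ruleset can be
# reviewed on a machine without arptables; APPLY=1 executes the rules.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# arp_rules [bridge|broute]: emit the ruleset for the chosen mode.
arp_rules() {
    mode=${1:-bridge}

    # FORWARD (2.6+ only): sees ARP frames bridged between ports and nothing
    # else. Only the known IP/MAC pair may send ARP in from eth0; everything
    # else from that port is dropped before it reaches the other side.
    run arptables -P FORWARD DROP
    run arptables -A FORWARD -i "$PORT" --source-ip "$HOST_IP" --source-mac "$HOST_MAC" -j ACCEPT
    run arptables -A FORWARD -i "$OTHER_PORT" -j ACCEPT

    # INPUT: ARP delivered to the bridge's own stack has the logical device
    # br0 as input device, so a rule on -i eth0 would not match it.
    run arptables -P INPUT DROP
    run arptables -A INPUT -i "$BRIDGE" -j ACCEPT

    # OUTPUT: locally generated ARP leaves through the logical device br0.
    run arptables -A OUTPUT -o "$BRIDGE" -j ACCEPT

    if [ "$mode" = broute ]; then
        # In the ebtables broute table, -j DROP means "route, don't bridge".
        # ARP brouted off eth0 then reaches INPUT with -i eth0, not -i br0,
        # so it needs its own INPUT rule on the physical port.
        run ebtables -t broute -A BROUTING -p ARP -i "$PORT" -j DROP
        run arptables -A INPUT -i "$PORT" --source-ip "$HOST_IP" --source-mac "$HOST_MAC" -j ACCEPT
    fi
}

arp_rules "${1:-bridge}"
```

Run it as `sh arp-bridge.sh` to review the bridge-mode rules, `sh arp-bridge.sh broute` for the brouting variant, and `APPLY=1 sh arp-bridge.sh` (as root, with arptables and ebtables installed) to load them. Note that brouting ARP off eth0 means those frames are no longer bridged to eth1 at all, which is why the two modes are kept separate.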