--- linux/net/bridge/netfilter/ebtables.c	Fri May  3 20:37:08 2002
+++ ebt2.0pre5.001/net/bridge/netfilter/ebtables.c	Fri May  3 20:28:46 2002
@@ -124,17 +124,26 @@
 		      (point->logical_out), &out->br_port->br->dev), EBT_ILOGICALOUT))
 
 		) {
-			if ( (point->bitmask & EBT_SOURCEMAC) &&
-			   FWINV(!!memcmp(point->sourcemac,
-			   ((**pskb).mac.ethernet)->h_source, ETH_ALEN),
-			   EBT_ISOURCE) )
-				goto letscontinue;
+			char hlpmac[6];
+			int j;
 
-			if ( (point->bitmask & EBT_DESTMAC) &&
-			   FWINV(!!memcmp(point->destmac,
-			   ((**pskb).mac.ethernet)->h_dest, ETH_ALEN),
-			   EBT_IDEST) )
-				goto letscontinue;
+			if (point->bitmask & EBT_SOURCEMAC) {
+				for (j = 0; j < 6; j++)
+					hlpmac[j] = ((**pskb).mac.ethernet)->
+					   h_source[j] & point->sourcemsk[j];
+				if (FWINV(!!memcmp(point->sourcemac, hlpmac,
+				   ETH_ALEN), EBT_ISOURCE) )
+					goto letscontinue;
+			}
+
+			if (point->bitmask & EBT_DESTMAC) {
+				for (j = 0; j < 6; j++)
+					hlpmac[j] = ((**pskb).mac.ethernet)->
+					   h_dest[j] & point->destmsk[j];
+				if (FWINV(!!memcmp(point->destmac, hlpmac,
+				   ETH_ALEN), EBT_IDEST) )
+					goto letscontinue;
+			}
 
 			if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in,
 			   out, counter_base + i) != 0)
--- linux/include/linux/netfilter_bridge/ebtables.h	Fri May  3 20:37:08 2002
+++ ebt2.0pre5.001/include/linux/netfilter_bridge/ebtables.h	Thu May  2 19:01:09 2002
@@ -136,7 +136,9 @@
 	// the logical out-dev
 	__u8 logical_out[IFNAMSIZ];
 	__u8 sourcemac[ETH_ALEN];
+	__u8 sourcemsk[ETH_ALEN];
 	__u8 destmac[ETH_ALEN];
+	__u8 destmsk[ETH_ALEN];
 	// sizeof ebt_entry + matches
 	__u16 watchers_offset;
 	// sizeof ebt_entry + matches + watchers