Discussion:
Cannot drop packets via OUTPUT chain?
Wei-Ting Wang
2007-11-08 06:42:03 UTC
Permalink
Hello,

My Linux version is shown as following:
# uname -a
Linux (none) 2.4.17_mvl21-4189ref #371 Wed Oct 24 14:32:10 CST 2007 mips unknown

My ebtables version is shown as following:
# ebtables
ebtables v2.0.8-2 (May 2007)

Now, I am implementing Mac filter using ebtables. And I can drop
packets via INPUT chain.
ebtables -A INPUT -i eth0 -p IPv4 -s 00:0E:A6:0B:11:6F -j DROP
ebtables -A INPUT -i eth0 -p IPv4 -d 00:00:AA:BB:CC:FF -j DROP

However, both the following two commands can write into ebtable but
cannot drop packets via OUTPUT chain. In fact, I have not dropped any
packets via OUTPUT chain.
ebtables -A OUTPUT -o eth0 -p IPv4 -s 00:00:AA:BB:CC:FF -j DROP
ebtables -A OUTPUT -o eth0 -p IPv4 -d 00:0E:A6:0B:11:6F -j DROP

Thanks.
--
Regards,
šL«Â©w Wei-Ting Wang
Wei-Ting Wang
2007-11-08 09:52:15 UTC
Permalink
Hello,

Sorry, last post had wrong encoding.

My Linux version is shown as following:
# uname -a
Linux (none) 2.4.17_mvl21-4189ref #371 Wed Oct 24 14:32:10 CST 2007 mips unknown

My ebtables version is shown as following:
# ebtables
ebtables v2.0.8-2 (May 2007)

Now, I am implementing Mac filter using ebtables. And I can drop
packets via INPUT chain.
ebtables -A INPUT -i eth0 -p IPv4 -s 00:0E:A6:0B:11:6F -j DROP
ebtables -A INPUT -i eth0 -p IPv4 -d 00:00:AA:BB:CC:FF -j DROP

However, both the following two commands can write into ebtable but
cannot drop packets via OUTPUT chain. In fact, I have not dropped any
packets via OUTPUT chain.
ebtables -A OUTPUT -o eth0 -p IPv4 -s 00:00:AA:BB:CC:FF -j DROP
ebtables -A OUTPUT -o eth0 -p IPv4 -d 00:0E:A6:0B:11:6F -j DROP

Thanks.
--
Regards,
汪威定 Wei-Ting Wang
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
YUNG-CHANG WANG <王勇璋>
2007-11-08 10:03:14 UTC
Permalink
---------- Forwarded message ----------
From: Wei-Ting Wang <***@gmail.com>
Date: 2007/11/8 䞋午 5:59
Subject: Fwd: Cannot drop packets via OUTPUT chain?



Hello,

My Linux version is shown as following:
# uname -a
Linux (none) 2.4.17_mvl21-4189ref #371 Wed Oct 24 14:32:10 CST 2007 mips
unknown

My ebtables version is shown as following:
# ebtables
ebtables v2.0.8-2 (May 2007)

Now, I am implementing Mac filter using ebtables. And I can drop
packets via INPUT chain.
ebtables -A INPUT -i eth0 -p IPv4 -s 00:0E:A6:0B:11:6F -j DROP
ebtables -A INPUT -i eth0 -p IPv4 -d 00:00:AA:BB:CC:FF -j DROP

However, both the following two commands can write into ebtable but
cannot drop packets via OUTPUT chain. In fact, I have not dropped any
packets via OUTPUT chain.
ebtables -A OUTPUT -o eth0 -p IPv4 -s 00:00:AA:BB:CC:FF -j DROP
ebtables -A OUTPUT -o eth0 -p IPv4 -d 00:0E:A6:0B:11:6F -j DROP

Thanks.
--
Regards,
Wei-Ting Wang

Loading...