[BRIDGE]: Add ipv6 packet filtering.

Signed-off-by: Bart De Schuymer <bdschuym@pandora.be> Signed-off-by: David S. Miller <davem@davemloft.net>

[BRIDGE]: Add ipv6 packet filtering.
Signed-off-by: Bart De Schuymer <bdschuym@pandora.be> Signed-off-by: David S. Miller <davem@davemloft.net>
02879e96 · Bart De Schuymer · David S. Miller · 21366d93 · 02879e96 · 02879e96
Commit 02879e96 authored Sep 01, 2004 by Bart De Schuymer Committed by David S. Miller Sep 01, 2004
Showing with 264 additions and 126 deletions

Documentation/networking/ip-sysctl.txt Documentation/networking/ip-sysctl.txt +5 -0

include/linux/netfilter_ipv6.h include/linux/netfilter_ipv6.h +2 -0

net/bridge/br_netfilter.c net/bridge/br_netfilter.c +257 -126

No files found.
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -837,6 +837,11 @@ bridge-nf-call-iptables - BOOLEAN
 	0 : disable this.
 	Default: 1
+bridge-nf-call-ip6tables - BOOLEAN
+	1 : pass bridged IPv6 traffic to ip6tables' chains.
+	0 : disable this.
+	Default: 1
 bridge-nf-filter-vlan-tagged - BOOLEAN
 	1 : pass bridged vlan-tagged ARP/IP traffic to arptables/iptables.
 	0 : disable this.

--- a/include/linux/netfilter_ipv6.h
+++ b/include/linux/netfilter_ipv6.h
@@ -58,8 +58,10 @@ enum nf_ip6_hook_priorities {
 	NF_IP6_PRI_FIRST = INT_MIN,
 	NF_IP6_PRI_SELINUX_FIRST = -225,
 	NF_IP6_PRI_CONNTRACK = -200,
+	NF_IP6_PRI_BRIDGE_SABOTAGE_FORWARD = -175,
 	NF_IP6_PRI_MANGLE = -150,
 	NF_IP6_PRI_NAT_DST = -100,
+	NF_IP6_PRI_BRIDGE_SABOTAGE_LOCAL_OUT = -50,
 	NF_IP6_PRI_FILTER = 0,
 	NF_IP6_PRI_NAT_SRC = 100,
 	NF_IP6_PRI_SELINUX_LAST = 225,

--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c