[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Is the concept of BROUTING deprecated and what is the modern alternative?
From:       Pyry Kontio <pyry.kontio () drasa ! eu>
Date:       2020-09-14 10:07:20
Message-ID: CACS8yHK7=_Xvjy9J30CLjGrLN__xu7mezpyQVQEikbqTLOtaNw () mail ! gmail ! com
[Download RAW message or body]

Hi all,

I set up a software bridge, and according to the Arch wiki[1] and the old
ebtables website[2], I could set up BROUTING settings for speeding up
traffic to the bridge itself. However, my experience made me doubt if
I'm supposed to do that:

# ebtables -V
ebtables 1.8.4 (nf_tables)

# ebtables -t broute -L
ebtables v1.8.4 (nf_tables): table `broute' is incompatible, use 'nft' tool.

# ebtables-legacy -V # (I think this is a NixOS package for the pre
nftable tools)
ebtables v2.0.11 (legacy) (December 2011)

# ebtables-legacy -t broute -L
Bridge table: broute

Bridge chain: BROUTING, entries: 0, policy: ACCEPT

So, with the legacy version seemingly working:

# ebtables-legacy -t broute -A BROUTING -d 92:12:1f:09:e4:a5 -j
redirect --redirect-target DROP

But this made me lose all my connectivity, which fortunately returned
immediately after deleting the rule.

I also couldn't find any mentions about "brouting" in the nftables wiki,
or on this mailing list, after the year 2007.

So, is brouting a thing anymore? Am I not supposed to do it? Is there
a modern alternative?

[1]: https://wiki.archlinux.org/index.php/Network_bridge#Speeding_up_traffic_destinated_to_the_bridge_itself
 [2]: http://ebtables.netfilter.org/examples/basic.html#ex_speed

With kind regards,
Pyry Kontio


[prev in list] [next in list] [prev in thread] [next in thread]