Hi Patrick McHardy,

Thanks a lot for your hint.

Just out of curiosity: when and why don't -i and -o match on a bridge's physical device? A lot of documents on bridging firewalls give examples using -i and -o.

On Sun, 24 Apr 2005 18:28:17 +0200, Patrick McHardy wrote:

> Wang Jian wrote:
> > Hi,
> >
> > During my test, I find that --in-interface doesn't work as I expected.
> >
> > web server -- (eth0--br0--eth1) -- web client
> >
> >
> > # iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 80 \
> >     -j MARK --set-mark 1
> >
> > doesn't set mark to 1.
>
> Find out which interface is used using LOG. There is a physdev-match
> for use with bridging, perhaps this is what you need.
>
> Regards
> Patrick

--
lark