The ebtables program is a filtering tool for a Linux-based bridging firewall. It enables transparent filtering of network traffic passing through a Linux bridge.
Questions tagged [ebtables]
27 questions
5
votes
2 answers
How to work around runlevel error in Ubuntu on Windows 10 Spring Creators Update?
When doing an apt-get dist-upgrade in Ubuntu 18.04 running on Windows 10 Spring Creators Update (RS4), I get this error:
Preparing to unpack .../ebtables_2.0.10.4-3.5ubuntu2.18.04.1_amd64.deb ...
invoke-rc.d: could not determine current runlevel
*…
Matt Hargett
- 1,906
- 1
- 17
- 37
4
votes
2 answers
How to write custom module for ebtables?
Basically, I want to write a kernel module that adds a possible filter to ebtables. Then I need to tell ebtables to use my filter on a bridge I have set up.
The reason I need to write my own module is that I want to introduce delay between…
Shahbaz
- 46,337
- 19
- 116
- 182
2
votes
2 answers
How to prevent docker containers from accessing my local network
I would like to be able to prevent docker containers connected to a bridge network from accessing my local network in order to add extra security since they will be accessible from outside (in case a container is compromised). I saw that I should…
tr4cks
- 126
- 1
- 8
2
votes
0 answers
ebtable NFLOG cause ARP request drop
Not sure what I'm doing wrong. I have two machines connected back to back with this ebtable rule setup:
ebtables -A OUTPUT -p ARP --arp-op Request --nflog-group 100 -j DROP
I have a process listening on netlink group 100. I have the following setup…
GHe
- 499
- 1
- 4
- 10
2
votes
1 answer
iptables / ebtables hook function to filter on interface or layer 2
I have used netfilter hook functions to filter/sniff on outgoing IP packets. I'm looking to filter outgoing (from host) packets between IP layer and Link layer to look into Layer 2 information like - interface, MAC address. The NF_INET_POSTROUTING…
gdb007
- 21
- 4
2
votes
0 answers
Nftables- how to mark qinq (double vlan)?
hey i am using Nftables in Ubuntu 16.04 , i am trying to mark packet according to the inner Vlan id (create this rule). so far i have succeed to mark only by the first Vlan id with Nftables in this way:
nft add table netdev l2 #create table of type…
Omer Anisfeld
- 1,236
- 12
- 28
2
votes
2 answers
How to use ebtables inside Docker?
When I run /sbin/ebtables --list in a Ubuntu Docker container, I get the message:
root@500790dca629:/core-release-4.8# /sbin/ebtables --list
modprobe: ERROR: ../libkmod/libkmod.c:557 kmod_search_moddep() could not open moddep file…
Jehan
- 2,701
- 2
- 23
- 28
2
votes
0 answers
Captive Portal for a bridged interface
I like to create a simple captive portal that works for an interface that is part of a bridge.
The bridge interface br0 (10.19.1.1/16) consists of two interfaces eth0 and eth1.
Behind eth1 are the client computers. Behind eth0 is a switch that has…
mwarning
- 721
- 5
- 22
2
votes
2 answers
iptables/ebtables/bridge-utils: PREROUTING/FORWARD to another server via single NIC
We have a number of iptables rules for forwarding connections, which are solid and work well.
For example, port 80 forwards to port 8080 on the same machine (the webserver). When a given webserver is restarting, we forward requests to another IP on…
Neale Rudd - Metawerx Java
- 107
- 1
- 2
- 4
1
vote
1 answer
Yocto: Data file clashes build error while enabling libvirt
While enabling libvirt in yocto, I am seeing below data file clash issue while building yocto image,
Below are the packages I am trying to append install to my yocto image
IMAGE_INSTALL_append = " \
packagegroup-core-boot \
…
Deekshith Reddy
- 11
- 3
1
vote
0 answers
Prerouting marked packets to the loopback interface inside a docker container
Before I describe my question or more particulary my problem in more detail, I want to first depict my basic approach:
Basicly what I'm trying to do is to create an inline on a linux bridge inside a docker container (operation system is alpine). For…
UniXBRO
- 11
- 2
1
vote
0 answers
Openwrt in bridge mode - ebtables kernel error
I have a setup at home as follow:
DHCP clients -----> (wifi)(bridge) Openwrt -----> (eth)Main Router
The device I'm using is TPlink MR3020 with Barrier Breaker and I tried to set up transparent proxy for bridge traffic - I want to redirect the…
Enes Aldemir
- 93
- 3
- 5
1
vote
1 answer
How to use ebtables or ptables to drop packet with specific MAC address?
I tried to filter any packet with specific MAC coming to eth0. The commands below are used (ebtable and iptables) but did not work. Can anyone please give some advice?
I used ebtables because I used a bridge containing veth0, eth0, and eth1. The…
mmc1115
- 21
- 1
- 4
1
vote
1 answer
How to capture packets at the switching layer
I have written 2 modules which are netfilter hook based and work at the IP layer.
However I wan to now capture packets at the switch layer. Are there any hooks to capture at the switching layer.
Any references to code snippets would be…
RootPhoenix
- 1,626
- 1
- 22
- 40
1
vote
2 answers
Linux: Port Isolation on a Bridge to use OLSR correctly
On a router running OLSR there are four ports/interfaces where connected devices talk OLSR to each other.
Now i dont like to use an IP address for each interface but instead bridge them all and set just one IP address on the bridge.
The problem now…
Christoph Lösch
- 645
- 7
- 22