I am trying to learn and understand the ebtables statements in the following script
Code:
#!/bin/sh
# force LAN port 4 to use the Guest network
robocfg vlan 1 ports "1 2 3 5t"
robocfg vlan 10 ports "4 5t"
vconfig add eth0 10
ifconfig vlan10 up
brctl addif br0 vlan10
ebtables -t broute -I BROUTING -p IPv4 -i vlan10 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
ebtables -t filter -I FORWARD -i vlan10 -o ! vlan2 -j DROP
ebtables -t filter -I FORWARD -i ! vlan2 -o vlan10 -j DROP
which I found in this thread
https://www.snbforums.com/threads/f...guest-network-for-asus-merlin-rt-ac68u.18969/
I have been reading about ebtables and I am a bit puzzled with the first statement above. From what I have read, for broute/BROUTING, DROP does not mean discard, but pass the frame to the stack for routing. So in reading that statement, I think it says that frames coming from vlan10, with a destination anywhere in the router subnet, are to be sent for routing, and the next two filter lines would not execute.
Since that does not make any sense to me, I must have the wrong understanding.
Could (please) anyone versed in ebtables comment on the meaning of the statement?