[GTER] Ubiquiti fw
Rubens Kuhl
rubensk at gmail.com
Mon May 21 13:53:44 -03 2012
2012/5/21 Alexandre J. Correa - Onda Internet <alexandre at onda.net.br>:
> conntrack is left out of this 5.3.3-1 ... and the firmware doesn't use ebtables to
> do anything, no apparent rules..
>
> in 5.5, I'm going to keep ebtables (to filter pppoe-discovery and pppoe-session)
Maybe zero out arptables, iptables, ip6-tables and
vlan-tagged via sysctl, but leave pppoe-tagged?
/proc/sys/net/bridge/* Variables:
bridge-nf-call-arptables - BOOLEAN
1 : pass bridged ARP traffic to arptables' FORWARD chain.
0 : disable this.
Default: 1
bridge-nf-call-iptables - BOOLEAN
1 : pass bridged IPv4 traffic to iptables' chains.
0 : disable this.
Default: 1
bridge-nf-call-ip6tables - BOOLEAN
1 : pass bridged IPv6 traffic to ip6tables' chains.
0 : disable this.
Default: 1
bridge-nf-filter-vlan-tagged - BOOLEAN
1 : pass bridged vlan-tagged ARP/IP/IPv6 traffic to {arp,ip,ip6}tables.
0 : disable this.
Default: 1
bridge-nf-filter-pppoe-tagged - BOOLEAN
1 : pass bridged pppoe-tagged IP/IPv6 traffic to {ip,ip6}tables.
0 : disable this.
Default: 1
> today I thought about using a "cisco-like" style CLI and removing http
> completely...
> I remember there is a CLI project like that on sourceforge, if anyone knows the
> name; it's been a while since I saw it and I don't recall.
libcli and {k,c}lish.
http://sites.dparrish.com/libcli
http://klish.googlecode.com/
http://clish.sourceforge.net/
Rubens
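
Added example, not part of the original message: a POSIX shell audit that compares the five bridge-nf variables listed above against the profile floated in the reply (everything 0 except pppoe-tagged) and prints the matching sysctl.conf lines. The names BRIDGE_NF_PROFILE, check_bridge_nf and bridge_nf_fragment are hypothetical, and the profile values are an assumption taken from that suggestion.

```shell
#!/bin/sh
# Added example: audit the bridge-netfilter toggles against a desired profile.
# Assumed profile (from the reply): everything off except pppoe-tagged.
BRIDGE_NF_PROFILE="bridge-nf-call-arptables=0
bridge-nf-call-iptables=0
bridge-nf-call-ip6tables=0
bridge-nf-filter-vlan-tagged=0
bridge-nf-filter-pppoe-tagged=1"

# check_bridge_nf [DIR]
# Prints one line per variable. Returns 0 if all match the profile,
# 1 on any drift or absent variable, 2 if DIR itself does not exist.
check_bridge_nf() {
    dir="${1:-/proc/sys/net/bridge}"
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir (bridge netfilter sysctls not present)"
        return 2
    fi
    rc=0
    for pair in $BRIDGE_NF_PROFILE; do
        name="${pair%%=*}"
        want="${pair#*=}"
        if [ ! -r "$dir/$name" ]; then
            echo "ABSENT  $name (want $want)"
            rc=1
            continue
        fi
        # Strip whitespace so "1\n" from procfs compares cleanly.
        have="$(tr -d ' \t\n' < "$dir/$name")"
        if [ "$have" = "$want" ]; then
            echo "OK      $name=$have"
        else
            echo "DRIFT   $name=$have (want $want)"
            rc=1
        fi
    done
    return $rc
}

# bridge_nf_fragment: emit the same profile as sysctl.conf-style lines.
bridge_nf_fragment() {
    for pair in $BRIDGE_NF_PROFILE; do
        echo "net.bridge.${pair%%=*} = ${pair#*=}"
    done
}
```

Calling check_bridge_nf with no argument audits the live values under /proc/sys/net/bridge; passing a directory lets it run against a saved copy.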