From: Jiri J. <jja...@re...> - 2013-08-28 12:11:46
On 08/27/2013 07:50 PM, Linda Knippers wrote:
> Not my area but I trust you. :-)
>
> -- ljk
>

I believe that this part of README.netfilter was originally made up to work around the fact that no ARP/ND packets could get through:

    Setting the aging timer to a high value is helpful to the testing as it prevents the learned mac addresses in the bridge's forwarding database from being deleted when it hasn't seen a frame from that mac address in the timer number of seconds. The following command is recommended.

    # brctl setageing <bridge name> 3600

This workaround shouldn't be needed anymore as basic link discovery now works.

To my best knowledge, these rules shouldn't interfere with anything, since they're mandatory for the vast majority of traffic to work. They would present a problem only when doing something like static ARP/neighbor assignment testing (and checking that no requests are being sent).

>>
>> ebtables -A INPUT -p arp -j ACCEPT
>> +ebtables -A INPUT -p ipv6 --ip6-protocol ipv6-icmp --ip6-icmp-type neighbour-solicitation -j ACCEPT
>> +ebtables -A INPUT -p ipv6 --ip6-protocol ipv6-icmp --ip6-icmp-type neighbour-advertisement -j ACCEPT
>>

Jiri
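
Review bot: the two added INPUT rules for neighbour-solicitation and neighbour-advertisement go in without any explanatory text next to them, so a reader of the README cannot tell why they sit beside the existing "-p arp -j ACCEPT" rule. A short comment stating that they let IPv6 neighbour discovery through, as the ARP rule does for IPv4, and that they get in the way of tests which check that no ARP/ND requests are sent (static neighbour assignment), would document the caveat raised in this thread. If the "brctl setageing <bridge name> 3600" recommendation is no longer needed once these rules are in, removing or updating that README paragraph belongs in the same change.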