- -t, --table
The ebtables command has three tables (filter, nat, broute).
* broute: "broute" is an interface that functions as both a bridge and a router.
- -D, --delete
- usage ex: ebtables -D FORWARD 1
In this example, rule number 1 in the "FORWARD" chain is deleted.
For more detail, see ebtables -h.
- -L, --list
- usage ex: ebtables -L --Ln
In this example, all chains and all rules are shown.
- -o, --out-interface (interface name)
In my case, the output interface is a tap device.
* How to create a tap device with the "openvpn" command:
openvpn --mktun --dev tap --user (username)
* How to activate the tap device with the "ip" command:
ip link set tap up
- -i, --in-interface (interface name)
- --log
The log watcher writes a description of the frame to syslog (/var/log/syslog).
The defaults are log-level=info, log-prefix="", no IP logging, no ARP logging.
- --ulog
- --ulog-prefix text
- --ulog-nlgroup group
ebtables -A FORWARD --ulog-nlgroup 1
Unable to update the kernel. Two possible causes:
- Multiple ebtables programs were executing simultaneously. The ebtables userspace tool doesn't by default support multiple ebtables programs running concurrently. The ebtables option --concurrent or a tool like flock can be used to support concurrent scripts that update the ebtables kernel tables.
- The kernel doesn't support a certain ebtables extension, consider recompiling your kernel or insmod the extension.
- nl_group is a bit mask with every bit representing a netlink group number.
reference document for netlink
- To run it, the following command must be executed first:
ebtables -A FORWARD --ulog-nlgroup 1 --ulog-cprange 131072
- Next, run the following program:
./write_tap_v5_hyper 1
- The second argument of the command is the nlgroup number.
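
How the group number given to --ulog-nlgroup maps to the nl_groups bit mask that a listening program binds with. This is an added example, not the source of write_tap_v5_hyper; the function names are hypothetical, and it assumes the ulog watcher delivers frames on the NETLINK_NFLOG netlink family with group numbers counted from 1.

```c
/* Listener-side setup for ebtables --ulog-nlgroup (added example, names hypothetical). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>

/* 1-based group number (1..32) -> nl_groups bit mask; 0 means invalid group. */
uint32_t nlgroup_to_mask(unsigned int group)
{
    if (group < 1 || group > 32)
        return 0;
    return (uint32_t)1 << (group - 1);
}

/* Fill the address passed to bind(); returns -1 for an invalid group. */
int ulog_fill_addr(struct sockaddr_nl *addr, unsigned int group)
{
    uint32_t mask = nlgroup_to_mask(group);
    if (mask == 0)
        return -1;
    memset(addr, 0, sizeof(*addr));
    addr->nl_family = AF_NETLINK;
    addr->nl_pid = 0;       /* kernel assigns the port id */
    addr->nl_groups = mask; /* subscribe to exactly this group */
    return 0;
}

/* Open and bind the socket; returns fd or -1. Assumes root and kernel ulog support. */
int ulog_open(unsigned int group)
{
    struct sockaddr_nl addr;
    if (ulog_fill_addr(&addr, group) != 0)
        return -1;
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_NFLOG);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
        close(fd);
        fd = -1;
    }
    return fd;
}

int main(void)
{
    int fd = ulog_open(1); /* same group as --ulog-nlgroup 1 on the page */
    printf("nl_groups=0x%08x socket=%s\n", (unsigned)nlgroup_to_mask(1), fd >= 0 ? "bound" : "unavailable");
    if (fd >= 0) close(fd);
    return 0;
}
```

A listener bound with the wrong mask receives nothing, so an out-of-range group is rejected before the socket is opened.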