On 05.01.2012 20:50, Bart De Schuymer wrote:
> On 5/01/2012 0:13, Richard Weinberger wrote:
>> Let's export brnf_call_iptables and brnf_call_ip6tables, such that
>> physdev_mt_check() can notify the user that his iptables rule will have
>> no effect.
>
> I don't want to introduce a runtime dependency between the iptables
> physdev module and the bridge module.
> This should keep working:
> #modprobe bridge
> #modprobe xt_physdev
> #rmmod bridge
> It will stop working if you use exported symbols of the bridge module in
> the physdev module.

IMHO this behavior would be useful. 8-)
Removing bridge while xt_physdev is loaded will make some netfilter
rules void.
Which is not fun on a production firewall.
Thanks,
//richard
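
The condition discussed in this thread can also be checked from user space. The following is an added example, not code from either poster or from the kernel: it flags `-m physdev` rules in `iptables-save` output when bridge netfilter is absent or disabled. It assumes the `brnf_call_iptables` setting is exposed at `/proc/sys/net/bridge/bridge-nf-call-iptables`; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for physdev rules that cannot take effect.

# Constructed sample ruleset in iptables-save format.
SAMPLE_RULES='*filter
:FORWARD DROP [0:0]
-A FORWARD -m physdev --physdev-in eth1 -j ACCEPT
-A FORWARD -p tcp --dport 22 -j ACCEPT
COMMIT'

# Reads iptables-save text on stdin, prints how many rules use "-m physdev".
count_physdev_rules() {
    grep -c -E -e '^-A .*-m physdev( |$)' || true
}

# Prints "absent" if the sysctl file is missing (bridge netfilter code not
# loaded), otherwise its value (0 or 1). $1 overrides the assumed path.
bridge_nf_state() {
    f="${1:-/proc/sys/net/bridge/bridge-nf-call-iptables}"
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# $1 = ruleset text, $2 = bridge netfilter state.
# Returns 1 when physdev rules exist but bridged traffic never reaches iptables.
audit() {
    n=$(printf '%s\n' "$1" | count_physdev_rules)
    if [ "$n" -gt 0 ] && [ "$2" != "1" ]; then
        echo "WARNING: $n physdev rule(s), bridge-nf-call-iptables is $2"
        return 1
    fi
    echo "OK: $n physdev rule(s), bridge-nf-call-iptables is $2"
    return 0
}

# Demo on the constructed sample; on a live host, pass "$(iptables-save)".
audit "$SAMPLE_RULES" "$(bridge_nf_state)" || true
```
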