diff options
author | Patrick McHardy <kaber@trash.net> | 2010-07-02 09:32:57 +0200 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-07-02 09:32:57 +0200 |
commit | 4df53d8bab65cf2c18daebd51a5a4847e03f1943 (patch) | |
tree | f776c088d9d525672eac2e95ef1d183e52d88837 /net/bridge/br_private.h | |
parent | 7eb9282cd0efac08b8377cbd5037ba297c77e3f7 (diff) |
bridge: add per bridge device controls for invoking iptables
Support more fine grained control of bridge netfilter iptables invocation
by adding seperate brnf_call_*tables parameters for each device using the
sysfs interface. Packets are passed to layer 3 netfilter when either the
global parameter or the per bridge parameter is enabled.
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/bridge/br_private.h')
-rw-r--r-- | net/bridge/br_private.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index c83519b555b..7484065da30 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -164,6 +164,9 @@ struct net_bridge unsigned long feature_mask; #ifdef CONFIG_BRIDGE_NETFILTER struct rtable fake_rtable; + bool nf_call_iptables; + bool nf_call_ip6tables; + bool nf_call_arptables; #endif unsigned long flags; #define BR_SET_MAC_ADDR 0x00000001 |