Enabling / disabling packet-filter matching in the kernel for interfaces attached to a bridge
Check the bridge
[root@mojily bridge]# brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.00e0ed0b2d26       no              eth1
                                                        eth2
Kernel bypass
[root@mojily bridge]# cat /proc/sys/net/bridge/bridge-nf-call-iptables
0
[root@mojily bridge]# echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
[root@mojily bridge]# echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
0 : bridged traffic is not matched against iptables rules (bypass)
1 : normal firewall behaviour (bridged traffic is matched against iptables rules)
/proc/sys/net/bridge/* Variables:

bridge-nf-call-arptables - BOOLEAN
    1 : pass bridged ARP traffic to arptables' FORWARD chain.
    0 : disable this.
    Default: 1

bridge-nf-call-iptables - BOOLEAN
    1 : pass bridged IPv4 traffic to iptables' chains.
    0 : disable this.
    Default: 1

bridge-nf-call-ip6tables - BOOLEAN
    1 : pass bridged IPv6 traffic to ip6tables' chains.
    0 : disable this.
    Default: 1

bridge-nf-filter-vlan-tagged - BOOLEAN
    1 : pass bridged vlan-tagged ARP/IP traffic to arptables/iptables.
    0 : disable this.
    Default: 1
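
An added example (not from the original page or the kernel documentation): a POSIX shell function that reads the four switches listed above and flags any that is set to 0, meaning that class of bridged traffic is not passed to the firewall chains. The function name audit_bridge_nf, its output labels and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the bridge netfilter switches under /proc/sys/net/bridge.
# audit_bridge_nf [DIR] prints one line per switch and returns:
#   0 = every switch that is present is 1 (bridged traffic reaches the chains)
#   1 = at least one switch is 0 or unreadable as 0/1 (traffic bypasses rules)
#   2 = DIR does not exist (the bridge netfilter switches are not available)
# The body runs in a subshell ( ... ), so its variables stay local and
# "exit" only leaves the function, not the calling shell.
audit_bridge_nf() (
    dir="${1:-/proc/sys/net/bridge}"
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        exit 2
    fi
    rc=0
    for key in bridge-nf-call-arptables bridge-nf-call-iptables \
               bridge-nf-call-ip6tables bridge-nf-filter-vlan-tagged; do
        file="$dir/$key"
        if [ ! -r "$file" ]; then
            # Switch not exposed by this kernel: report it, do not fail on it.
            echo "ABSENT  $key"
            continue
        fi
        val=$(cat "$file")
        case "$val" in
            1) echo "FILTER  $key=1" ;;
            0) echo "BYPASS  $key=0"; rc=1 ;;
            *) echo "UNKNOWN $key=$val"; rc=1 ;;
        esac
    done
    exit "$rc"
)

# Check the live system only when asked to: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_bridge_nf
fi
```

A BYPASS line for bridge-nf-call-iptables on a host that is meant to filter traffic between eth1 and eth2 means the iptables rules are not being applied to that bridged traffic.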