{"id":1251,"date":"2014-12-10T14:14:44","date_gmt":"2014-12-10T06:14:44","guid":{"rendered":"https:\/\/cowmanchiang.me\/wp\/?p=1251"},"modified":"2023-10-31T15:44:27","modified_gmt":"2023-10-31T07:44:27","slug":"bridge-firewall-use-iptables-to-contorl-packet","status":"publish","type":"post","link":"https:\/\/cowmanchiang.me\/wp\/?p=1251","title":{"rendered":"bridge firewall use iptables to control packet"},"content":{"rendered":"<p>\u56e0\u70ba\u9810\u8a2d\u7684bridge firewall policy\u662fbypass&#8230;\u5c6c\u65bc\u901a\u900f\u7684firewall (layer 2)<br \/>\n\u6240\u4ee5\u5728layer 3\u7684iptables\u5c31\u7ba1\u4e0d\u5230\u4ed6\u4e86<\/p>\n<p>\u9019\u6642\u5019\u53ef\u4ee5\u4fee\u6b63 \/etc\/sysctl.conf \u5167\u7684\u8a2d\u5b9a\uff0c\u589e\u52a0\u4e0b\u9762\u7684\u8cc7\u6599<\/p>\n<pre><code># \u91dd\u5c0dbridge\u9032\u884c\u904e\u6ffe\nnet.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.bridge.bridge-nf-call-arptables = 1\n<\/code><\/pre>\n<p>\u7136\u5f8c\u4f7f\u7528 sysctl -p \/etc\/sysctl.conf \u57f7\u884c<\/p>\n<p>注意：Linux kernel 3.18 之後，這些 net.bridge.bridge-nf-call-* 設定由 br_netfilter 模組提供；若 sysctl 找不到這些項目，請先執行 modprobe br_netfilter，否則設定不會生效，bridge 上的封包仍不會經過 iptables。<\/p>\n<p>\u4e5f\u53ef\u4ee5\u900f\u904e sysctl -a | grep bridge-nf \u89c0\u770b\u76ee\u524d\u76f8\u95dc\u8a2d\u5b9a<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u56e0\u70ba\u9810\u8a2d\u7684bridge firewall policy\u662fbypass&#8230;\u5c6c\u65bc\u901a\u900f\u7684firewall (layer 2) \u6240\u4ee5\u5728layer 3\u7684iptables\u5c31\u7ba1\u4e0d\u5230\u4ed6\u4e86 \u9019\u6642\u5019\u53ef\u4ee5\u4fee\u6b63 \/etc\/sysctl.conf \u5167\u7684\u8a2d\u5b9a\uff0c\u589e\u52a0\u4e0b\u9762\u7684\u8cc7\u6599 \u91dd\u5c0dbridge\u9032\u884c\u904e\u6ffe net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-arptables = 1 \u7136\u5f8c\u4f7f\u7528 sysctl -p \/etc\/sysctl.conf \u57f7\u884c \u4e5f\u53ef\u4ee5\u900f\u904e sysctl -a | grep bridge-nf 
\u89c0\u770b\u76ee\u524d\u76f8\u95dc\u8a2d\u5b9a<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[],"class_list":["post-1251","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/posts\/1251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1251"}],"version-history":[{"count":1,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/posts\/1251\/revisions"}],"predecessor-version":[{"id":1975,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/posts\/1251\/revisions\/1975"}],"wp:attachment":[{"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}