[Firehol-support] message from xt_physdev when running firehol in bridge configuration

JT admin at jtlabs.net
Tue Nov 18 19:26:06 GMT 2014


I'm having the same problem using bridged traffic. My resolution has
been to write my own manual iptables entries in firehol.conf.

vif+  <> br0 <> br1 <> eth1
          /\
          \/
         eth0

br0 and br1 have physical addresses associated with them (eth0/vif+ and
eth1 respectively). Whenever I try to route or create interface rules
with a physout/physin I get the syslog message (even though it is
bridged traffic). Please let me know if it's user error.

For example, firehol.conf has:
router vm2inet inface vif+ outface br0 physout eth0
    route all               accept

which generates:
"xt_physdev: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING
chains for non-bridged traffic is not supported anymore."

Instead I use:
iptables -I FORWARD -m physdev --physdev-is-bridged --physdev-in vif+ \
    --physdev-out eth0 -j ACCEPT

So far any combination of inface/outface/physin/physout generates the
message. Let me know what other information I can provide.

Thanks,

JT

On 11/18/2014 9:12 AM, Tsaousis, Costa wrote:
> Hi Phineas,
>
> Can you trace it down?  Are you using physin/out on non-bridged traffic only?
> Try to run a few commands by hand to check which ones complain.
>
> Regards,
>
> Costa
>
>
>
> On Tue, Nov 18, 2014 at 3:59 PM, Phineas Gage <phineas919 at gmail.com> wrote:
>> Hi,
>>
>> I’m getting this message many times in my syslog when running firehol:
>>
>> xt_physdev: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.
>>
>> This happens only when I use either the ‘physin’ or ‘physout’ keywords on either my router definitions or route subcommands for the br0 (bridge) interface. If I omit those keywords it doesn’t happen. Can I still use ‘physin’ and ‘physout’ with my bridge somehow? They’re useful for knowing which direction the traffic is going through the bridge...
>>
>> Phineas
>>
>> _______________________________________________
>> Firehol-support mailing list
>> Firehol-support at lists.firehol.org
>> http://lists.firehol.org/mailman/listinfo/firehol-support
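
An added example, not part of the thread and not FireHOL code: a check over `iptables-save` output that lists the rules likely to produce the xt_physdev message, i.e. rules matching `--physdev-out` without a non-negated `--physdev-is-bridged`. It assumes the notice applies to any chain reachable by jump or goto from FORWARD, OUTPUT or POSTROUTING; the ruleset and the chain names `vm2inet_fwd` and `unused_chain` are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads iptables-save output on stdin and prints every rule that
# matches --physdev-out without a non-negated --physdev-is-bridged in a chain
# reachable from FORWARD, OUTPUT or POSTROUTING (assumption: reachability counts).
find_unbridged_physout() {
    awk '
    substr($0, 1, 1) == "*" { table = substr($0, 2) }   # "*filter", "*nat", ...
    $1 == "-A" {
        chain = table "/" $2
        n++; rule_chain[n] = chain; rule_text[n] = $0
        if ($2 == "FORWARD" || $2 == "OUTPUT" || $2 == "POSTROUTING")
            if (!(chain in seen)) { seen[chain] = 1; queue[++tail] = chain }
        # remember jump/goto targets so user-defined chains are followed
        for (i = 3; i < NF; i++)
            if ($i == "-j" || $i == "-g")
                edges[chain] = edges[chain] " " table "/" $(i + 1)
    }
    END {
        # breadth-first walk from the three hooks named in the kernel message
        for (head = 1; head <= tail; head++) {
            m = split(edges[queue[head]], t, " ")
            for (i = 1; i <= m; i++)
                if (!(t[i] in seen)) { seen[t[i]] = 1; queue[++tail] = t[i] }
        }
        for (r = 1; r <= n; r++) {
            text = rule_text[r]
            if (!(rule_chain[r] in seen) || text !~ /--physdev-out/) continue
            gsub(/! --physdev-is-bridged/, "", text)    # a negated match does not count
            if (text !~ /--physdev-is-bridged/) print rule_chain[r] ": " rule_text[r]
        }
    }'
}

# Constructed sample ruleset (chain names vm2inet_fwd and unused_chain are hypothetical).
sample_rules() {
    cat <<'EOF'
*filter
-A INPUT -m physdev --physdev-in eth0 -j ACCEPT
-A FORWARD -m physdev --physdev-is-bridged --physdev-in vif+ --physdev-out eth0 -j ACCEPT
-A FORWARD -i vif+ -o br0 -j vm2inet_fwd
-A vm2inet_fwd -m physdev --physdev-out eth0 -j ACCEPT
-A unused_chain -m physdev --physdev-out eth1 -j ACCEPT
COMMIT
EOF
}

sample_rules | find_unbridged_physout
```

On a live system the input would come from `iptables-save | find_unbridged_physout`; each printed rule is a candidate for adding `--physdev-is-bridged` or for dropping the physdev match.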



