AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers

RouterOS v3 Configuration and User Guide

Property Description

action (accept arp-reply drop dst-nat jump log mark passthrough redirect return src-nat; default: accept) - action to undertake if the packet matches the rule, one of:

accept - accept the packet. No action, i.e., the packet is passed through without undertaking any action, and no more rules are processed in the relevant list/chain

arp-reply - send a reply to an ARP request (any other packets will be ignored by this rule) with the specified MAC address (only valid in dstnat chain)

drop - silently drop the packet (without sending the ICMP reject message)

dst-nat - change destination MAC address of a packet (only valid in dstnat chain)

jump - jump to the chain specified by the value of the jump-target argument

log - log the packet

mark - mark the packet to use the mark later

passthrough - ignore this rule and go on to the next one. Acts the same way as a disabled rule, except for ability to count packets

redirect - redirect the packet to the bridge itself (only valid in dstnat chain)

return - return to the previous chain, from where the jump took place

src-nat - change source MAC address of a packet (only valid in srcnat chain)

out-bridge (name) - outgoing bridge interface

out-interface (name) - interface via which the packet is leaving the bridge

to-arp-reply-mac-address (MAC address) - source MAC address to put in Ethernet frame and ARP payload, when action=arp-reply is selected

to-dst-mac-address (MAC address) - destination MAC address to put in Ethernet frames, when action=dst-nat is selected

to-src-mac-address (MAC address) - source MAC address to put in Ethernet frames, when action=src-nat is selected

4.5.10 Bridge Brouting Facility

Submenu level: /interface bridge broute

Description

This section describes the options specific to the broute facility, which were omitted from the general firewall description.

The Brouting table is applied to every packet entering a forwarding enslaved interface (i.e., it does not work on regular interfaces, which are not included in a bridge).

Property Description

action (accept drop dst-nat jump log mark passthrough redirect return; default: accept) - action to undertake if the packet matches the rule, one of:

accept - let the bridging code decide what to do with this packet

drop - extract the packet from the bridging code, making it appear as if it came from a non-bridged interface (no further bridge decisions or filters will be applied to this packet, except if the packet would be routed out to a bridged interface, in which case the packet would be processed normally, just like any other routed packet)

dst-nat - change destination MAC address of a packet (only valid in dstnat chain), and let the bridging code decide further actions

jump - jump to the chain specified by the value of the jump-target argument

log - log the packet

mark - mark the packet to use the mark later

passthrough - ignore this rule and go on to the next one. Acts the same way as a disabled rule, except for ability to count packets

redirect - redirect the packet to the bridge itself (only valid in dstnat chain), and let the bridging code decide further actions

return - return to the previous chain, from where the jump took place

to-dst-mac-address (MAC address) - destination MAC address to put in Ethernet frames, when action=dst-nat is selected
