On Sa, 16.10.2004, 13:39, Benjamin Goedeke wrote:
...
ethernet address, namely the one of the upstream router.) So it seems
arp resolution occurs even though the packets are being dropped. That's
why I thought the bridge before the firewall could be a good idea. But
I guess the net gets clogged even before it reaches the bridge.
Yes! That resolution is independend from chain FORWARD.
It look's into the routing table for the next hop of a packet
before using netfilter with FORWARD chain.
And then that could happen I wrote in my message some hours before!