1 This module matches on the bridge port input and output devices enslaved 2 to a bridge device. This module is a part of the infrastructure that enables 3 a transparent bridging IP firewall and is only useful for kernel versions 4 above version 2.5.44. 5 .TP 6 [\fB!\fP] \fB\-\-physdev\-in\fP \fIname\fP 7 Name of a bridge port via which a packet is received (only for 8 packets entering the 9 .BR INPUT , 10 .B FORWARD 11 and 12 .B PREROUTING 13 chains). If the interface name ends in a "+", then any 14 interface which begins with this name will match. If the packet didn't arrive 15 through a bridge device, this packet won't match this option, unless '!' is used. 16 .TP 17 [\fB!\fP] \fB\-\-physdev\-out\fP \fIname\fP 18 Name of a bridge port via which a packet is going to be sent (for packets 19 entering the 20 .BR FORWARD , 21 .B OUTPUT 22 and 23 .B POSTROUTING 24 chains). If the interface name ends in a "+", then any 25 interface which begins with this name will match. Note that in the 26 .BR nat " and " mangle 27 .B OUTPUT 28 chains one cannot match on the bridge output port, however one can in the 29 .B "filter OUTPUT" 30 chain. If the packet won't leave by a bridge device or if it is yet unknown what 31 the output device will be, then the packet won't match this option, 32 unless '!' is used. 33 .TP 34 [\fB!\fP] \fB\-\-physdev\-is\-in\fP 35 Matches if the packet has entered through a bridge interface. 36 .TP 37 [\fB!\fP] \fB\-\-physdev\-is\-out\fP 38 Matches if the packet will leave through a bridge interface. 39 .TP 40 [\fB!\fP] \fB\-\-physdev\-is\-bridged\fP 41 Matches if the packet is being bridged and therefore is not being routed. 42 This is only useful in the FORWARD and POSTROUTING chains. 43
