On Dec 28, 2011, at 15:54 , Steve Hill wrote:

> When using iptables to "REJECT" bridged network traffic under Scientific Linux 6.1, the kernel stack is corrupted, causing a kernel panic.

Right, this doesn't work. I'm not sure it will work with any Linux kernel.

DROPping packets, instead of REJECTing them, is probably safe. If it must be REJECT, the only solution is probably to have an additional VM acting as the firewall/router for the others.

Ebtables will work, but is rather limited in possibilities.

If you find another solution, I'd love to hear about it.

>  I have submitted a more detailed bug report, complete with stack trace, in the Red Hat bugzilla since this problem would affect Red Hat as well, but I am unsure if this is the appropriate place to file the bug report:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=770709

If you're 100% sure that it *does* affect RHEL, that's the right place.

-- 
Stephan Wiesand
DESY -DV-
Platanenallee 6
15738 Zeuthen, Germany
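Added example, not part of the original thread and not code from either Steve Hill or Stephan Wiesand: a POSIX shell audit that scans an iptables-save dump for REJECT targets on paths that bridged frames can take (FORWARD-chain rules and any rule using the physdev match) and rewrites those targets to DROP, which is the safe alternative the reply above recommends. The rule dump is constructed for the example; the function names are my own.

```shell
#!/bin/sh
# Audit an iptables-save style dump for REJECT rules that bridged traffic could
# hit, and produce a copy with those targets changed to DROP.
# The sample dump below is constructed for this example, not from a real host.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m physdev --physdev-in vnet0 -p tcp --dport 25 -j REJECT --reject-with tcp-reset
-A FORWARD -i br0 -o br0 -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i br0 -o br0 -p udp --dport 53 -j DROP
COMMIT'

# Print every rule that uses REJECT in the FORWARD chain or with a physdev
# match. FORWARD rules may also see routed traffic, so this deliberately
# over-reports rather than miss a rule that bridged frames can reach.
find_bridged_rejects() {
  printf '%s\n' "$1" | awk '
    /^-A FORWARD / && / -j REJECT/ { print; next }
    / -m physdev / && / -j REJECT/ { print }
  '
}

# Number of such rules, as a bare integer (wc may pad with spaces).
count_bridged_rejects() {
  find_bridged_rejects "$1" | wc -l | tr -d ' '
}

# Emit the whole dump with those REJECT targets replaced by DROP. The
# --reject-with option is removed as well, since DROP takes no option.
# Rules in INPUT/OUTPUT are left untouched; they are not on the bridge path.
rewrite_to_drop() {
  printf '%s\n' "$1" | awk '
    (/^-A FORWARD / || / -m physdev /) && / -j REJECT/ {
      sub(/ -j REJECT( --reject-with [a-z-]+)?/, " -j DROP")
    }
    { print }
  '
}

echo "REJECT rules on paths bridged frames can take:"
find_bridged_rejects "$SAMPLE_RULES"
echo
echo "Same ruleset with those targets changed to DROP:"
rewrite_to_drop "$SAMPLE_RULES"
```

To run this against a live host, replace the constructed dump with the output of `iptables-save` and restore the rewritten ruleset with `iptables-restore` after reviewing the diff. Whether bridged IPv4 frames traverse the FORWARD chain at all depends on the `net.bridge.bridge-nf-call-iptables` sysctl, so a host with that set to 0 will not reach the rules this script flags in FORWARD; physdev-matched rules are by definition bridge-only.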