[LARTC] ?OT? Linux 2.6: bridge + routing firewall
tomdeb
tom at debost.net
Fri Feb 16 15:12:31 CET 2007
What you might be interested in as well is the physdev match, which will
let you filter traffic on physical devices.
T o M
| On Fri, Feb 16, 2007 at 03:37:10PM +0200, ??????????? ?????? wrote:
>I have some experience.
>
>It seems that you should explicitly allow bridging in iptables as well
>as in ebtables.
>
>So, in addition to my bridge rules in ebtables I also have this rule in
>iptables:
>
>iptables -A FORWARD -i br0 -o br0 -j ACCEPT
>
>Otherwise, it could block bridging by later rules or the policy.
>
>?? ??????, 15/02/2007 ?? 13:44 -0200, Edesio Costa e Silva ??????????:
>> Hi All!
>>
>> I need to deploy a bridge firewall using linux kernel 2.6. I had success
>> using kernel 2.4 plus br-nf patch. But the configuration does not work with
>> kernel 2.6.
>>
>> If the default policy for the iptables FORWARD chain is ACCEPT I have a
>> bridge. If iptables FORWARD chain is DROP I have an insulator (no packet
>> flows). Any hint?
>>
>> I did some google search and in many places they say "kernel 2.6 is not
>> recommended", "no luck with kernel 2.6", etc.
>>
>> Any link to a success story of a bridge firewall with kernel 2.6? Any
>> personal experience?
>>
>> Thanks in advance,
>>
>> Edésio
>> _______________________________________________
>> LARTC mailing list
>> LARTC at mailman.ds9a.nl
>> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>>
>--
>?????????????????????? ???????????? <casper at meteor.dp.ua>
>
>_______________________________________________
>LARTC mailing list
>LARTC at mailman.ds9a.nl
>http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
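
An added example, not part of the original thread: the two suggestions above combined into one ruleset, with FORWARD policy DROP and bridged traffic admitted per physical port through the physdev match instead of the blanket "-i br0 -o br0" accept. The port names eth0/eth1, the helper name bridge_fw_rules and the stateful rules are assumptions, as is net.bridge.bridge-nf-call-iptables=1.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: bridge ports eth0 (outside)
# and eth1 (inside), hypothetical helper name bridge_fw_rules, and
# net.bridge.bridge-nf-call-iptables=1 so bridged IP frames traverse FORWARD.

# Print an iptables-restore ruleset for the filter table.
# usage: bridge_fw_rules OUTSIDE_PORT INSIDE_PORT [TCP_PORT...]
bridge_fw_rules() {
    [ "$#" -ge 2 ] || { echo "usage: bridge_fw_rules OUT IN [PORT...]" >&2; return 2; }
    outside=$1; inside=$2; shift 2
    # Validate every argument before emitting anything, so a bad value can
    # never yield a partial ruleset or slip extra options into a rule.
    for ifc in "$outside" "$inside"; do
        case $ifc in
            ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifc" >&2; return 1 ;;
        esac
    done
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    done
    echo '*filter'
    # INPUT and OUTPUT are left at ACCEPT here (assumption); loading this
    # ruleset replaces whatever the filter table held before.
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Replies to flows that were already permitted, either direction.
    echo '-A FORWARD -m physdev --physdev-is-bridged -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Inside hosts may open new connections towards the outside port.
    echo "-A FORWARD -m physdev --physdev-in $inside --physdev-out $outside -m state --state NEW -j ACCEPT"
    # Outside hosts may reach only the listed TCP services.
    for port in "$@"; do
        echo "-A FORWARD -m physdev --physdev-in $outside --physdev-out $inside -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Check the syntax without committing anything (needs root):
#   bridge_fw_rules eth0 eth1 22 | iptables-restore --test
```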