
"transparent" firewall possible?



Hi,

I was wondering about this...

Is it possible to have a completely plug-n-play transparent firewall
setup? For example, all that would need to be entered into the firewall's
setup is the IP(s) that should be recognized, and the ports that should be
recognized.

The box would have 2 NIC cards... MZ (the internet) and LAN (behind
firewall)...

All the box would do is bridge the two NICs and perform "filtering"
in between the bridge.

I have something like that running right now (not working properly yet)...
I am using the "bridging-utils" in Debian testing to bridge eth0 (lan) and
eth1 (internet), and have iptables to do some filtering on incoming
packets on eth1. But does the bridging in the kernel pass the packets
directly from eth1 to eth0 before it hits the netfilter code? Or does the
netfilter code (and hence iptables) act first, filter the traffic, THEN
pass the data from eth1 to eth0?

Probably someone has done all this in the past, and in fact I have found a
distro that *sounds* like it does this, but it is a weird heavily
customized Redhat, and I would prefer to stick with the Debian that we all
love.

Sincerely,
Jason
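The setup the post describes, written out as an added example (not code from the post or from any distribution it mentions): two NICs joined into one bridge, with iptables filtering the frames that cross it. It assumes a Linux host with bridge-utils (brctl), iproute2, iptables with the physdev match, and the br_netfilter module, whose bridge-nf-call-iptables sysctl is what makes bridged frames traverse the iptables FORWARD chain at all. The interface names, the allowed LAN addresses and the port list are constructed sample values; the script prints the commands for review rather than running them unless invoked with "apply".

```shell
#!/bin/sh
# Added example: generate the commands for a two-NIC transparent bridge
# firewall. Assumes brctl, ip, iptables (physdev + conntrack matches) and the
# br_netfilter module are available. Interface names are constructed.

WAN_IF="eth1"   # internet side (the post calls this MZ)
LAN_IF="eth0"   # protected side
BRIDGE="br0"

# Bridge setup. bridge-nf-call-iptables=1 is the switch that hands bridged
# frames to the iptables FORWARD chain; without it they are forwarded at
# layer 2 and never seen by iptables.
bridge_cmds() {
    cat <<EOF
modprobe br_netfilter
sysctl -w net.bridge.bridge-nf-call-iptables=1
brctl addbr $BRIDGE
brctl addif $BRIDGE $LAN_IF
brctl addif $BRIDGE $WAN_IF
ip link set $LAN_IF up
ip link set $WAN_IF up
ip link set $BRIDGE up
EOF
}

# FORWARD rules for the bridge. $1 = space-separated LAN IPs to expose,
# $2 = space-separated TCP ports to accept on them. Policy is default drop:
# replies to established flows pass, anything from the LAN may leave, and
# only the listed IP/port pairs may be reached from the internet side.
# The physdev match is what ties a rule to a specific bridge port.
filter_cmds() {
    ips="$1"; ports="$2"
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -m physdev --physdev-in $LAN_IF --physdev-out $WAN_IF -j ACCEPT"
    for ip in $ips; do
        for port in $ports; do
            echo "iptables -A FORWARD -m physdev --physdev-in $WAN_IF --physdev-out $LAN_IF -d $ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
    # log what the default policy is about to drop from the internet side
    echo "iptables -A FORWARD -m physdev --physdev-in $WAN_IF -j LOG --log-prefix 'BRIDGE-DROP: '"
}

# Number of iptables commands a given IP/port set produces (sanity check:
# 5 fixed lines plus one per IP/port pair).
rule_count() { filter_cmds "$1" "$2" | wc -l | tr -d ' '; }

if [ "${1:-}" = "apply" ]; then
    # usage: sh bridgefw.sh apply "192.168.1.10 192.168.1.11" "22 80 443"  (as root)
    { bridge_cmds; filter_cmds "$2" "$3"; } | sh
else
    bridge_cmds
    filter_cmds "192.168.1.10 192.168.1.11" "22 80 443"
fi
```

Because the bridge has no IP address of its own on either segment, the filtering host is invisible to both sides; the only per-site input is the IP and port list, which is the plug-and-play property the post asks about.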
