
Re: Firewall on a debian Box.



> Yes, it can be done, although it is tricky. I know it can, since I have
> exactly such a setup, and it works very well now, although it was a real
> pain in the ass to set up.

as was the bridge with me *g*
 
> > you need a complete bridge and you want to do firewalling (whereas the bridge
> > included in the kernel does not packet-filter!)
> 
> The bridge included in 2.4.x kernels is well integrated with the
> firewalling code, and you can easily set up rules to filter traffic going
> through the bridge. There are also some patches available for recent 2.2.x

No, you cannot filter traffic going through the bridge, as far as I know.
This has a simple reason: the bridge is Ethernet-low-level and does not
"know" what IP is, so it can't filter IP. But it can bridge any protocol.

This is why there is a patch for the 2.4 kernels as well (but which is
broken right now, leading to complete hangups for me).

> kernels that enable them to filter packets going through the bridge. I do
> not remember the URL, though.

This is the patch I'm using, which works quite well, but, due to a lot of
outdated and misleading documentation, it took me quite a while to set up.
It adds two new chains to ipchains, named bridgein and bridgeout, if I
remember correctly. (Perhaps it's bridgein only.)

Greetings,
Erich
