Very interesting, to have a patent without an implementation :)
The idea of an "invisible" network security device itself is not new (I bet your mail to this list did pass through a few of them, including some operated by the NSA). The entire patent however may describe something new.
"Packets" are a layer3 concept. Ethernet is layer2, and there the data units are called "frames". Confusingly, the documentation on Linux is in the packet(7) manpage.
If you want to program this yourself, then have a look at the socket(2) and packet(7) manpages as a starting point. The Ethernet interface itself does need a little bit of configuration: all you need to do is bring it up (ip link set eth0 up).
If your rules for filtering/blocking frames are more modest, then you should use ebtables(8) instead of programming it yourself.
In both cases, you'll want to use brctl(8) to set up 2 network interfaces as a bridge (switch).
On 07/10/13 16:21, Eric Barnes wrote:
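The do-it-yourself route via socket(2) and packet(7) mentioned in the reply, as an added example that is not part of the original thread: it reads layer-2 frames from one interface and passes on only those an example policy allows. The policy (ARP and IPv4 only), the function names and the one-direction loop are assumptions; the input interface must be up and in promiscuous mode to see frames not addressed to the host.

```c
#include <arpa/inet.h>
#include <net/ethernet.h>
#include <net/if.h>
#include <netpacket/packet.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum verdict { DROP = 0, FORWARD = 1 };
/* EtherType of a frame, looking past one 802.1Q tag; 0 if the frame is truncated. */
uint16_t frame_ethertype(const unsigned char *f, size_t len) {
    if (len < ETH_HLEN) return 0;
    uint16_t t = (uint16_t)(f[12] << 8 | f[13]);
    if (t == ETH_P_8021Q) {
        if (len < ETH_HLEN + 4) return 0;
        t = (uint16_t)(f[16] << 8 | f[17]);
    }
    return t;
}
/* Example policy (an assumption): forward only ARP and IPv4, drop everything else. */
enum verdict frame_verdict(const unsigned char *f, size_t len) {
    uint16_t t = frame_ethertype(f, len);
    return (t == ETH_P_ARP || t == ETH_P_IP) ? FORWARD : DROP;
}
/* Raw layer-2 socket bound to one interface, as described in packet(7). */
int open_l2(const char *ifname) {
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) return -1;
    struct sockaddr_ll sll = { .sll_family = AF_PACKET,
        .sll_protocol = htons(ETH_P_ALL), .sll_ifindex = (int)if_nametoindex(ifname) };
    if (!sll.sll_ifindex || bind(fd, (struct sockaddr *)&sll, sizeof sll) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}
/* Needs CAP_NET_RAW. Copies frames in one direction only: IN_IF -> OUT_IF. */
int main(int argc, char **argv) {
    if (argc != 3) { fprintf(stderr, "usage: %s IN_IF OUT_IF\n", argv[0]); return 2; }
    int in = open_l2(argv[1]), out = open_l2(argv[2]);
    if (in < 0 || out < 0) { perror("open_l2"); return 1; }
    unsigned char buf[65536];
    for (ssize_t n; (n = recv(in, buf, sizeof buf, 0)) > 0; )
        if (frame_verdict(buf, (size_t)n) == FORWARD) send(out, buf, (size_t)n, 0);
    return 0;
}
```

A second process with the interface arguments swapped covers the return direction; with brctl(8) and ebtables(8) the kernel does the forwarding and this loop is not needed.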