Re: iptables with a linux bridge

To: Simon Murcott <simon@murcott.net>
Cc: debian-security@lists.debian.org
Subject: Re: iptables with a linux bridge
From: martin f krafft <madduck@madduck.net>
Date: Thu, 29 Nov 2001 04:40:13 +0100
Message-id: <[🔎] 20011129044013.H26177@fishbowl.madduck.net>
Mail-followup-to: Simon Murcott <simon@murcott.net>, debian-security@lists.debian.org
In-reply-to: <[🔎] Pine.LNX.4.32.0111291627270.19291-100000@server.murcott.net>
References: <[🔎] 20011129042445.A28137@fishbowl.madduck.net> <[🔎] Pine.LNX.4.32.0111291627270.19291-100000@server.murcott.net>

* Simon Murcott <simon@murcott.net> [2001.11.29 16:31:12+1300]:
> One point you are missing is that it is possible using this kind of
> configuration to create a firewall where you cannot address any of it's
> external interfaces. So how can you do an intrusion attack on a firewall
> that you cannot address?

okay, this is an interesting point. however, all i was saying is that
the linux bridging project is commiting suicide (as the bridging
project) as soon as they interface with netfilter or anything else
that works with IP.

but the more i think about this idea, the more i am liking it. who
needs a bridge anyway? no, who needs that thing to be called a bridge?
it's a firewall with the usually mandatory routing component ripped
out.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
  
to vacillate or not to vacillate,
that is the question ... or is it?

Attachment: pgpfN0qZynJ3N.pgp
Description: PGP signature

Reply to:

References:
- Re: iptables with a linux bridge
  - From: martin f krafft <madduck@madduck.net>
- Re: iptables with a linux bridge
  - From: Simon Murcott <simon@murcott.net>

Prev by Date: Re: iptables with a linux bridge
Next by Date: Re: iptables with a linux bridge
Previous by thread: Re: iptables with a linux bridge
Next by thread: Re: iptables with a linux bridge
Index(es):
- Date
- Thread