Re: iptables with a linux bridge

To: martin f krafft <madduck@madduck.net>
Cc: debian-security@lists.debian.org
Subject: Re: iptables with a linux bridge
From: Attila Nagy <bra@fsn.hu>
Date: Thu, 29 Nov 2001 14:30:56 +0100 (CET)
Message-id: <[🔎] Pine.LNX.4.40.0111291428150.1231-100000@scribble.fsn.hu>
In-reply-to: <[🔎] 20011129041917.D26177@fishbowl.madduck.net>

Hello,

> a firewall needs to have IP routing capabilities to be able to enforce
> rules (same for a packet filter),
?
A proxy firewall doesn't need to have IP routing capabilities (eg.
forwarding packet between interfaces). And a proxy firewall is definietly
a firewall. (some people doesn't call packet filters as firewalls, that's
true, they mean a proxy under the term: firewall)

> but there is no IP routing going on as the network on one side of the
> bridge is the *same* as the network on the other, for instance
> 192.168.1.0/24.
Why does IP routing is so important if you want to build a packet filter?
The goal is to have the ability to deny or allow packets through the
device.

--------------------------------------------------------------------------
Attila Nagy                                    e-mail:  Attila.Nagy@fsn.hu
Budapest Polytechnic (BMF.HU)                   @work: +361 210 1415 (194)
H-1084 Budapest, Tavaszmezo u. 15-17.           cell.: +3630 306 6758

Reply to:

Follow-Ups:
- Re: iptables with a linux bridge
  - From: martin f krafft <madduck@madduck.net>

References:
- Re: iptables with a linux bridge
  - From: martin f krafft <madduck@madduck.net>

Prev by Date: shutdown via webpage
Next by Date: Re: iptables with a linux bridge
Previous by thread: Re: iptables with a linux bridge
Next by thread: Re: iptables with a linux bridge
Index(es):
- Date
- Thread