* Wichert Akkerman <email@example.com> [2001.12.03 00:57:48+0100]: > It filters based on packet content that just happens to be IP > information. Just like the u32 filter, except the syntax is easier. > It still bridges. i guess you are right. my only problem is that a bridge does MAC/SNAP and is independent of transport level protocols. but a netfilter bridge still bridges... the cisco pix can act transparently too (i.e. below the IP layer), but it's an IP firewall and not a bridge. this discussion is "splitting hairs" - as we say in german, but noone is being forced to participate. i do believe that linux bridging + netfilter should be handled as a linux transparent firewall, but not as a bridge. i will probably be in touch with the bridging team about this. -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck no micro$oft components were used in the creation or posting of this email. therefore, it is 100% virus free and does not use html by default (yuck!).
Description: PGP signature