Re: iptables with a linux bridge



* Wichert Akkerman <wichert@wiggy.net> [2001.12.03 00:57:48+0100]:
> It filters based on packet content that just happens to be IP
> information. Just like the u32 filter, except the syntax is easier.
> It still bridges.

i guess you are right. my only problem is that a bridge does MAC/SNAP
and is independent of transport level protocols. but a netfilter
bridge still bridges...

the cisco pix can act transparently too (i.e. below the IP layer), but
it's an IP firewall and not a bridge.

this discussion is "splitting hairs" - as we say in german, but no one
is being forced to participate. i do believe that linux bridging +
netfilter should be handled as a linux transparent firewall, but not
as a bridge. i will probably be in touch with the bridging team about
this.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
  
no micro$oft components were used
in the creation or posting of this email.
therefore, it is 100% virus free
and does not use html by default (yuck!).
