Re: Decent iptables script for bridging?

To: debian-security@lists.debian.org
Subject: Re: Decent iptables script for bridging?
From: Benjamin Goedeke <goedeke-deb-sec@gmx.net>
Date: Thu, 25 May 2006 18:08:24 +0200
Message-id: <[🔎] 4475D678.8080003@gmx.net>
In-reply-to: <[🔎] 20060523225833.GD21624@hezmatt.org>
References: <[🔎] 447311A4.2020406@wjpserver.cs.uni-sb.de> <[🔎] 20060523225833.GD21624@hezmatt.org>

Matthew Palmer wrote:
> 
> You need ebtables to manage bridge filtering, if I'm not mistaken.
> 

Only if you want to do link layer filtering. iptables works fine on a
bridge.

You can use pretty much any iptables script if you modify it to leave
out the NAT rules and in the FORWARD chain replace -i/-o with -m physdev
--physdev-in/physdev-out. If you use kernel 2.6.x, that is.

For 2.4.x you can keep using -i/-o for the incoming/outgoing interfaces.
But to do any filtering with iptables you will need the bridge-nf patch
(which has been merged with the ebtables patch and is available at
ebtables.sf.net)

Ben

Reply to:

References:
- Decent iptables script for bridging?
  - From: Christian Holler <decoder@wjpserver.cs.uni-sb.de>
- Re: Decent iptables script for bridging?
  - From: Matthew Palmer <mpalmer@debian.org>

Prev by Date: Hadi-Michel Makhlouf/7939/Skolverket är inte på kontoret.
Next by Date: Re: Request for comments: iptables script for use on laptops.
Previous by thread: Re: Decent iptables script for bridging?
Next by thread: Re: Decent iptables script for bridging?
Index(es):
- Date
- Thread