Firewall only/bridging set up
leon.stringer at ntlworld.com
Sun Nov 27 22:12:21 CET 2005
Thanks SpOoKeR, that answers my question. I'll read up on it.
On Sun, 2005-11-27 at 18:22 -0200, Sp0oKeR wrote:
> Try ebtables instead of iptables
> What is ebtables?
> The ebtables program is a filtering tool for a bridging firewall. The
> filtering is focussed on the Link Layer Ethernet frame fields. Apart
> from filtering, it also gives the ability to alter the Ethernet MAC
> addresses and implement a brouter.
> This website is also a reference for the Linux bridge-nf code, which
> gives Linux the functionality of a bridging IP/IPv6/ARP firewall, by
> letting iptables/ip6tables/arptables 'see' the bridged IPv4/IPv6/ARP
> Both ebtables and bridge-nf are a part of the standard 2.6 kernel. A
> patch for the 2.4 stable kernel is maintained here, because enough
> people keep bugging me when Marcelo releases yet another 2.4 kernel.
> On 11/27/05, Leon Stringer <leon.stringer at ntlworld.com> wrote:
> > Hi,
> > I've been using iptables as a firewalling router for a year and it's
> > worked brilliantly.
> > (O/T: It went into service after the Cisco-qualified engineers failed to
> > get their Cisco kit to meet our modest requirements!).
> > I now have a new requirement for just a firewall, i.e. no routing.
> > So the LAN will connect to one NIC and the other NIC will connect to the
> > ISP router.
> > So I assume that this will require a "virtual" bridge device to be set
> > up. And I've read that this isn't straightforward to get iptables to
> > work in this configuration.
> > So my question is: as an existing iptables user, should I be able to set
> > up a box for firewalling only as described?
> > If so, is there any (good!) documentation on this?
> > Or would I be better off with a firewall "appliance"?
> > Thanks in advance for any advice,
> > Leon...
More information about the netfilter