Re: [LARTC] ?OT? Linux 2.6: bridge + routing firewall

[tomdeb <tom@debost.net>]

What you might be interested in as well is the physdev match witch will
let you filter traffic on physical devices 

T o M

| On Fri, Feb 16, 2007 at 03:37:10PM +0200, ??????????? ?????? wrote: 
> I have some experience.
>
> It seems that you should explicitely allow bridging in iptables as well
> as in ebtables.
>
> So, in addition to my bridge roules in ebtables I also have this rule in
> iptables:
>
> iptables -A FORWARD -i br0 -o br0 -j ACCEPT
>
> Otherwise, it could block bridging by later rules or the policy.
>
> ?? ??????, 15/02/2007 ?? 13:44 -0200, Edesio Costa e Silva ??????????:
> > Hi All!
> >
> > I need to deploy a bridge firewall using linux kernel 2.6. I had success
> > using kernel 2.4 plus br-nf patch. But the configuration does not work with
> > kernel 2.6.
> >
> > If the default policy for the iptables FORWARD chain is ACCEPT I have a
> > bridge. If iptables FORWARD chain is DROP I have an insulator (no packet
> > flows). Any hint?
> >
> > I did some google search and in many places they say "kernel 2.6 is not
> > recommended", "no luck with kernel 2.6", etc.
> >
> > Any link to a success story of a bridge firewall with kernel 2.6? Any
> > personal experience?
> >
> > Thanks in advance,
> >
> > Edésio
> > _______________________________________________
> > LARTC mailing list
> > LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> --
> ?????????????????????? ???????????? <casper@meteor.dp.ua>
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc