2001-07-14 18:59:50

by Rodrigo Ventura

Subject: bridge and netfilter


Hi everyone. What's the current status of the kernel bridging
code with respect to netfilter stack? We want to put a transparent
firewall working. So we need to apply netfilter rules to the packets
between two interfaces in the same bridge group.

We've looked into the bridge-utils web pages, they mention a
kernel patch to make bridged packets go through the netfilter stack,
but the last patch update is for kernel 2.2.x.

Do the current 2.4.x kernels include netfiltering of bridged
packets? I just saw some references to netfilter in the bridge code, I
was wondering what they actually do...

Cheers,

PS: I did some experimentation with openbsd, and the fact is
they do support packet filtering over bridged packets, seamlessly
integrated into the whole operating system. Very neat indeed...

PPS: Our dilemma is this: we have openbsd that filters bridged
packets but does not provide (AFAIK) sophisticated queuing policies,
and we have linux that does it (iproute2) but does not filter bridged
packets... :-\

--

*** Rodrigo Martins de Matos Ventura <[email protected]>
*** Web page: http://www.isr.ist.utl.pt/~yoda
*** Teaching Assistant and PhD Student at ISR:
*** Instituto de Sistemas e Robotica, Polo de Lisboa
*** Instituto Superior Tecnico, Lisboa, PORTUGAL
*** PGP fingerprint = 0119 AD13 9EEE 264A 3F10 31D3 89B3 C6C4 60C6 4585

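The question above asks whether a kernel passes bridged frames through netfilter at all. The following check is an added example written for this page, not something from the thread or from bridge-utils, and it assumes a kernel of the kind that exposes the bridge-netfilter sysctl `/proc/sys/net/bridge/bridge-nf-call-iptables` (present on later kernels when bridge netfilter support is built in or the `br_netfilter` module is loaded; a 2.4 kernel without the bridge-nf patch has no such file, which is exactly the "bridged packets bypass iptables" case the poster is worried about). The directory argument exists only so the check can be exercised against a constructed fake proc tree without root.

```shell
#!/bin/sh
# Added example (not part of the original thread). Reports whether bridged
# IPv4 frames traverse the iptables hooks on this host.
# Assumption: the file bridge-nf-call-iptables lives under
# /proc/sys/net/bridge and holds 0 or 1; it is absent when the kernel has
# no bridge-netfilter support (e.g. an unpatched 2.4 kernel).

# bridge_nf_status [DIR]
#   Prints one word:
#     absent   - no sysctl file: frames forwarded by the bridge never hit
#                the iptables FORWARD chain, so a "transparent firewall"
#                built from iptables rules alone filters nothing
#     enabled  - sysctl reads 1: bridged frames do traverse iptables
#     disabled - sysctl reads 0: support is present but switched off
#     unknown  - file present with unexpected content
bridge_nf_status() {
    dir="${1:-/proc/sys/net/bridge}"
    f="$dir/bridge-nf-call-iptables"
    if [ ! -r "$f" ]; then
        echo absent
        return 0
    fi
    case "$(cat "$f")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# bridged_traffic_filtered [DIR]
#   Exit status 0 only when iptables rules will actually see bridged
#   traffic; useful as a guard in a firewall start-up script so that a
#   misconfigured host fails loudly instead of silently forwarding
#   everything.
bridged_traffic_filtered() {
    [ "$(bridge_nf_status "$1")" = enabled ]
}

# fake_bridge_proc VALUE
#   Creates a constructed, temporary stand-in for /proc/sys/net/bridge
#   containing the given sysctl value, and prints its path. Used for
#   demonstrating the check on a machine without a bridge.
fake_bridge_proc() {
    d="$(mktemp -d)"
    printf '%s\n' "$1" > "$d/bridge-nf-call-iptables"
    echo "$d"
}

# Run against the real system when invoked directly.
printf 'bridge netfilter: %s\n' "$(bridge_nf_status)"
```

On a host where the status comes back `absent`, the answer to the original question is "no": the bridge forwards frames below the IP layer and iptables never sees them, so the filtering rules must live somewhere that does see them (the bridge-nf patch mentioned in the thread, or on later kernels the bridge-netfilter code this sysctl belongs to). A start-up script can call `bridged_traffic_filtered || exit 1` before loading rules.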

2001-07-15 11:11:13

by Patrick Cole

Subject: Re: bridge and netfilter

Sat, Jul 14, 2001 at 07:59:32PM +0100, Rodrigo Ventura wrote:

> Hi everyone. What's the current status of the kernel bridging
> code with respect to netfilter stack? We want to put a transparent
> firewall working. So we need to apply netfilter rules to the packets
> between two interfaces in the same bridge group.

From what I've read the code is still experimental and there are a few
issues with it killing the machine. The 2.4 mainstream kernel has the
hooks but an extra patch is required to get it going.

Pat

--
Patrick Cole - Debian Developer <[email protected]>
- Linux.com Volunteer <[email protected]>
- ANU JCSMR ICU Staff <[email protected]>
- PGP Key ID 60D74C7D