To: linux-kernel@vger.kernel.org
Subject: bridge and netfilter
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
From: Rodrigo Ventura <yoda@isr.ist.utl.pt>
Date: 14 Jul 2001 19:59:32 +0100
Message-ID: <lx7kxbxror.fsf@pixie.isr.ist.utl.pt>
Lines: 33
Sender: linux-kernel-owner@vger.kernel.org


        Hi everyone. What's the current status of the kernel bridging
code with respect to netfilter stack? We want to put a transparent
firewall working. So we need to apply netfilter rules to the packets
between two interfaces in the same bridge group.

        We've looked into the bridge-utils web pages, they mention a
kernel patch to make bridged packets to through the netfilter stack,
but the last patch update is for kernel 2.2.x.

        Does the current 2.4.x kernels include netfiltering bridged
packets? I just saw some references to netfilter in the bridge code, I
was wondering what they actually do...

        Cheers,

        PS: I did some experimentation with openbsd, and the fact is
they do support packet filtering over bridged packets, seamlessly
integrated into the whole operating system. Very neat indeed...

        PPS: Our dilemma is this: we have openbsd that filters bridged
packets but does not provide (AFAIK) sophisticated queuing policies,
and we have linux that does it (iproute2) but does not filter bridged
packets... :-\

-- 

*** Rodrigo Martins de Matos Ventura <yoda@isr.ist.utl.pt>
***  Web page: http://www.isr.ist.utl.pt/~yoda
***   Teaching Assistant and PhD Student at ISR:
***    Instituto de Sistemas e Robotica, Polo de Lisboa
***     Instituto Superior Tecnico, Lisboa, PORTUGAL
*** PGP fingerprint = 0119 AD13 9EEE 264A 3F10  31D3 89B3 C6C4 60C6 4585
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/