[Bridge] bridge firewall

[Bridge] bridge firewall

[Hugh Crissman]

I am in the process of building a bridge firewall to place as the gateway to my network. I have a couple 
questions that I can't seem to find clear answers to. Can snort sniff on a bridged interface? Second, can 
ebtables block by IP? I know IP is layer 3 and a Bridge is Layer 2 but some of the recipes I have seen for 
ebtables have ips in them.

In general I would like to be able to snort all incoming traffic on the bridge and filter out any traffic from 
attackers who appear to be reoccurring offenders.

Thanks,

Hugh Crissman

Re: [Bridge] bridge firewall

[Hugh Crissman]

Thanks Ryan,

That answers one of my major questions. I was not sure if I should have snort sniff on /dev/eth1 (a nic that is part of my bridge) or /dev/br0 
(the bridge interface I created). I would assume that snort capture is very similar to tcpdump and sniffing on /dev/br0 would work fine. I will 
give that a shot. Now I wonder if iptables can block traffic on the bridge? If so, would the recipes call the bridge interface or one of the 
specific interfaces that are active in the bridge ie. /dev/br0 or /dev/eth1?

Thanks,

Hugh

* Ryan McConigley <ryan@csse.uwa.edu.au> [2005-07-01 08:35:21]:

> At 08:15 AM 30/06/2005 -0400, you wrote:
> >I am in the process of building a bridge firewall to place as the gateway 
> >to my network. I have a couple
> >questions that I can't seem to find clear answers to. Can snort sniff on a 
> >bridged interface? Second, can
> >ebtables block by IP? I know IP is layer 3 and a Bridge is Layer 2 but 
> >some of the recipes I have seen for
> >ebtables have ips in them.
> 
>         I assume it can.  Just tell snort to use the bridge interface as 
> opposed to the actually enternet cards.  Thats how I do packet capture on 
> our bridge using tcpdump.  You'll probably get a better answer from the 
> list though.
> 
>         And I thought that ebtables was only layer2, but I know with 
> iptables you can specify mac addresses, so I wouldn't be surprised if 
> ebtables has the same style of functionality or plugins.
> 
>         Just my $0.02 worth.
> 
>         Cheers,
>                 Ryan.
> 
> --
>           Ryan McConigley - Systems Administrator                  _.-,
>      Computer Science   University of Western Australia        .--'  '-._
>        Tel: (+61 8) 6488 7082 - Fax: (+61 8) 6488 1089       _/`-  _      '.
> Ryan[@]csse.uwa.edu.au - http://www.csse.uwa.edu.au/~ryan  '----'._`.----. \
>                                                                      `     
>                                                                      \;
>  "You're just jealous because the voices are talking to me"                
>  ;_\
> 
> 
> 

[Bridge] Bridge firewall

[Rajaraman S]

Hi,

I'm relatively new to linux world.I'm just trying to setup a bridge firewall
between a router and LAN.

I've installed Red Hat Linux 9.0 - 2.4.20-8 from installation CDs and
upgraded to 2.4.25 successfully.

I've patched my kernel to support bridge firewall also loaded ebtables
module,so far so good.Now I tried to create a bridge using the code given in
the following link
http://www.sjdjweis.com/linux/bridging/bridge

I ran the script,and then i typed 'brctl show' to check whether the bridge
is up.It showed the created bridge but in the next few seconds machine froze
completely.I had to restart the machine.I've tried doing the same thing four
to five times but each time it froze after i created the bridge.What's
happening???

Do I need to upgrade the kernel with any other patch or am I missing
something very obvious.

Expecting your reply.

Thanks & Regards,
S.Rajaraman
iDeaLab India Pvt Ltd