From mboxrd@z Thu Jan 1 00:00:00 1970
From: tomdeb
Date: Fri, 16 Feb 2007 14:12:31 +0000
Subject: Re: [LARTC] ?OT? Linux 2.6: bridge + routing firewall
Message-Id: <20070216141231.GA28186@snoopy>
List-Id:
References: <20070215154459.GC6325@softaplic.com.br>
In-Reply-To: <20070215154459.GC6325@softaplic.com.br>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
To: lartc@vger.kernel.org

What you might be interested in as well is the physdev match which will
let you filter traffic on physical devices

T o M

On Fri, Feb 16, 2007 at 03:37:10PM +0200, ??????????? ?????? wrote:
>I have some experience.
>
>It seems that you should explicitly allow bridging in iptables as well
>as in ebtables.
>
>So, in addition to my bridge rules in ebtables I also have this rule in
>iptables:
>
>iptables -A FORWARD -i br0 -o br0 -j ACCEPT
>
>Otherwise, it could block bridging by later rules or the policy.
>
>?? ??????, 15/02/2007 ?? 13:44 -0200, Edesio Costa e Silva ??????????:
>> Hi All!
>>
>> I need to deploy a bridge firewall using linux kernel 2.6. I had success
>> using kernel 2.4 plus br-nf patch. But the configuration does not work with
>> kernel 2.6.
>>
>> If the default policy for the iptables FORWARD chain is ACCEPT I have a
>> bridge. If iptables FORWARD chain is DROP I have an insulator (no packet
>> flows). Any hint?
>>
>> I did some google search and in many places they say "kernel 2.6 is not
>> recommended", "no luck with kernel 2.6", etc.
>>
>> Any link to a success story of a bridge firewall with kernel 2.6? Any
>> personal experience?
>>
>> Thanks in advance,
>>
>> Edésio
>> _______________________________________________
>> LARTC mailing list
>> LARTC@mailman.ds9a.nl
>> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>>
>--
>?????????????????????? ????????????
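The physdev match mentioned in the reply above, shown with a FORWARD policy of DROP. This is an added example, not part of the thread: the bridge port names eth0 (inside) and eth1 (outside), the function name bridge_ruleset, and the policy of allowing only inside-initiated TCP 80/443 are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-port bridge
# firewall. Unlike "-i br0 -o br0 -j ACCEPT", physdev matches the bridge
# port a frame entered or leaves by, so rules can be direction-aware.
# Assumed names (not from the thread): eth0 = inside port, eth1 = outside port.

bridge_ruleset() {
    inside=$1 outside=$2
    # Refuse anything that is not a plain interface name, so a bad
    # argument cannot smuggle extra text into the generated ruleset.
    for ifname in "$inside" "$outside"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*)
                echo "bad interface name: $ifname" >&2
                return 1 ;;
        esac
    done
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m physdev --physdev-is-bridged -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m physdev --physdev-in $inside --physdev-out $outside -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
-A FORWARD -m physdev --physdev-is-bridged -j LOG --log-prefix "bridge-drop: "
COMMIT
EOF
}

# Syntax-check without loading (needs root):
#   bridge_ruleset eth0 eth1 | iptables-restore --test
```

Bridged frames that match neither ACCEPT rule are logged and then fall through to the DROP policy, so the log shows what the bridge is refusing.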