All of lore.kernel.org
 help / color / mirror / Atom feed
From: Robert Stannard <robert.stannard@uku.co.uk>
To: bridge@lists.osdl.org
Subject: [Bridge] Security question
Date: Wed, 27 Apr 2005 13:31:49 +0100	[thread overview]
Message-ID: <426F8635.2000503@uku.co.uk> (raw)

I don't know if anybody can help me?

 I have just set up a Linux server with bridging and I have a security 
question. I tried to enable the default firewall on the system but found 
that I have to have my bridge set as a trusted device. This is obviously 
not what I want for a secure system. I have a small number of ports that 
I want open on my server, but the rest I want firewalled. However on one 
side of my bridge I have my internet connection and on the other side is 
a winXP machine that needs to be able to use all parts of the internet 
(ie all traffic needs to be forwarded through the bridge and not 
dependent on ports.)

The default firewall included with Fedora core 3 seems to affect all the 
traffic flowing across the bridge.

Is there a way the firewall can sit after the bridge and just filter 
incoming traffic from the bridge with the bridge's assigned IP address?

Sorry if this does not make a great deal of sense. I can elaborate 
further if required. I am quite new to Linux and still have a lot to learn.
Am I thinking along the right lines that I need to learn about iptables 
or would ebtables be a better route to go down?
The simplest solution that does not require too much learning would be best!

Best Regards
Robert Stannard

                 reply	other threads:[~2005-04-27 12:31 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=426F8635.2000503@uku.co.uk \
    --to=robert.stannard@uku.co.uk \
    --cc=bridge@lists.osdl.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.