From mboxrd@z Thu Jan 1 00:00:00 1970 From: Herman Subject: Re: Bridge question Date: Fri, 17 Oct 2003 07:52:17 -0600 Sender: netfilter-admin@lists.netfilter.org Message-ID: <200310170752.17546.Herman@AerospaceSoftware.com> References: <200310162115.00685.Herman@AerospaceSoftware.com> <1066397839.29597.6.camel@jccn-crux-linux.djc.state.id.us> Reply-To: Herman@AerospaceSoftware.com Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1066397839.29597.6.camel@jccn-crux-linux.djc.state.id.us> Content-Disposition: inline Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: Content-Type: text/plain; charset="us-ascii" To: Jeremy Jones , netfilter@lists.netfilter.org Aaaaaaaaah... Thanks Jeremy! I think ebtables is exactly what the doctor ordered. I'll try my bridge+iptables kludge - explained in another post - as well and see which one we get to work properly first - we are running short on time with this project. Cheers, Herman On Friday 17 October 2003 7:37 am, Jeremy Jones wrote: Herman, in addition to the bridge.sourceforge.net pages, have a look at ebtables.sourceforge.net. the howto documentation you'll find at, say, tldp.org is a little out of date, but at ebtables, you may find more helpful info. i've been using the bridging code & netfilter-bridge kernel patch with 2.4.x for a while now, along with ebtables (analagous to iptables, but filters at layer 2), and it's doing wonders for me. good luck, Jeremy On Thu, 2003-10-16 at 21:15, Herman wrote: > Hi everybody, > > This question is not about iptables, but it is closely related, so somebody > might know the answer: > I am trying to construct a bridge, to filter 802.1q tags and protect a legacy > version 2.2 kernel server, while preserving port to port security on the LAN, > using the VLAN module. > > Can anybody refer me to some documentation on filtering on a bridge for the > 2.4 kernel? > > Regards,