Linux Netfilter discussions
* A word about bridging to the wise...
@ 2006-12-13  3:47 Grant Taylor
From: Grant Taylor @ 2006-12-13  3:47 UTC (permalink / raw)
  To: Mail List - Netfilter
  Cc: Mail List - Linux Advanced Routing and Traffic Control

I have seen and responded to many different bridging related firewalling 
questions as of late.  There seems to be a common assumption that 
IPTables does not and/or cannot see bridged traffic.  This is not the 
case.

If you enable the "Bridged IP/ARP packets filtering" 
(CONFIG_BRIDGE_NETFILTER) option IPTables can see and act on bridged 
traffic.  If this is turned on and you have a default filter:FORWARD 
policy of DENY, or a catch all rule of DENY, you will need to explicitly 
allow bridged traffic to be forwarded.

(excerpt from menuconfig) "Enabling this option will let arptables resp. 
iptables see bridged ARP resp. IP traffic. If you want a bridging 
firewall, you probably want this option enabled."

I hope this helps others avoid problems in the future.



Grant. . . .
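The two points in the message above, as an added example that is not part of the original post or of the netfilter project: first, that CONFIG_BRIDGE_NETFILTER only lets iptables see bridged frames if the runtime knobs under net.bridge are also on, and second, that a restrictive FORWARD policy (DROP in iptables syntax) then silently drops bridged traffic until a rule explicitly allows it. The bridge name br0, the IPT/SYSCTL overrides and the small rule set are assumptions for illustration; the sysctl names and the physdev match are real netfilter features.

```shell
#!/bin/sh
# Added example: minimal bridging firewall showing what the post describes.
# Assumptions: the bridge is called br0 (override with BR=...), and the
# IPT / SYSCTL variables exist only so the script can be dry-run with
# IPT=echo SYSCTL=echo on a box without a bridge.
BR="${BR:-br0}"
IPT="${IPT:-iptables}"
SYSCTL="${SYSCTL:-sysctl}"

# 1. The build option alone is not enough: br_netfilter must be loaded and
#    these knobs set, otherwise bridged frames bypass ip/ip6/arptables.
bridge_nf_sysctls() {
    printf '%s\n' \
        'net.bridge.bridge-nf-call-iptables=1' \
        'net.bridge.bridge-nf-call-ip6tables=1' \
        'net.bridge.bridge-nf-call-arptables=1'
}

# Exit status: 0 = iptables sees bridged IPv4 traffic,
#              1 = knob present but turned off,
#              2 = knob file absent (br_netfilter not loaded / not built).
bridge_nf_status() {
    f=/proc/sys/net/bridge/bridge-nf-call-iptables
    [ -r "$f" ] || return 2
    [ "$(cat "$f")" = 1 ] || return 1
    return 0
}

# 2. With a default-DROP FORWARD chain, bridged traffic needs an explicit
#    ACCEPT.  The physdev match restricts the rule to frames that really
#    crossed the bridge, so it cannot be abused to open routed paths.
#    A deny rule placed before the ACCEPT shows that filtering works too.
bridge_fw_rules() {
    printf '%s\n' \
        "-P FORWARD DROP" \
        "-A FORWARD -m conntrack --ctstate INVALID -j DROP" \
        "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
        "-A FORWARD -i $BR -o $BR -m physdev --physdev-is-bridged -p tcp --dport 23 -j DROP" \
        "-A FORWARD -i $BR -o $BR -m physdev --physdev-is-bridged -j ACCEPT" \
        "-A FORWARD -m limit --limit 5/min -j LOG --log-prefix \"FWD-DROP: \""
}

# Apply the sysctls and rules (needs root and a real bridge; use
# IPT=echo SYSCTL=echo to see what would run).
apply_bridge_firewall() {
    bridge_nf_sysctls | while IFS= read -r kv; do
        "$SYSCTL" -w "$kv"
    done
    bridge_fw_rules | while IFS= read -r rule; do
        # Word splitting of $rule is intentional: each line is one argv.
        eval "\"\$IPT\" $rule"
    done
}

case "${1:-}" in
    apply) apply_bridge_firewall ;;
    status)
        if bridge_nf_status; then echo "bridged traffic visible to iptables"
        else echo "bridged traffic NOT visible (rc=$?)"; fi ;;
    *) bridge_fw_rules ;;          # default: just print the rule set
esac
```

Run `sh bridgefw.sh status` to confirm the knob is on before debugging rules, and `IPT=echo SYSCTL=echo sh bridgefw.sh apply` to review the exact commands before touching a live bridge. If `status` reports rc=2, load br_netfilter (or enable CONFIG_BRIDGE_NETFILTER) first; no FORWARD rule will ever match bridged frames until then.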

