A word about bridging to the wise...

Linux Advanced Routing and Traffic Control


 



I have seen and responded to many different bridging related firewalling questions as of late. There seems to be a common assumption that IPTables does not and / or can not see bridged traffic. This is not the case.

If you enable the "Bridged IP/ARP packets filtering" (CONFIG_BRIDGE_NETFILTER) option IPTables can see and act on bridged traffic. If this is turned on and you have a default filter:FORWARD policy of DENY, or a catch all rule of DENY, you will need to explicitly allow bridged traffic to be forwarded.

(excerpt from menuconfig) "Enabling this option will let arptables resp. iptables see bridged ARP resp. IP traffic. If you want a bridging firewall, you probably want this option enabled."

I hope this helps others avoid problems in the future.



Grant. . . .
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
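
The check described in the message above, as an added example that is not part of the original post: given a kernel config file and saved `iptables -S FORWARD` output, it reports whether iptables sees bridged traffic and whether the FORWARD chain would let it through. The function names are hypothetical, and it assumes bridged traffic is allowed with the physdev match (`--physdev-is-bridged`), which the post does not mention; other allow rules are not recognised.

```shell
#!/bin/sh
# Added example (not from the original post). Inputs are text files so it runs offline:
#   kernel config (e.g. a copy of /boot/config-<version>) and saved `iptables -S FORWARD`.

bridge_nf_enabled() {
    # =y built in, =m module; either lets iptables see bridged IP traffic once active
    grep -Eq '^CONFIG_BRIDGE_NETFILTER=(y|m)$' "$1"
}

forward_verdict() {
    # Walk the FORWARD rules in order: does a bridged frame reach an ACCEPT
    # before a catch-all DROP/REJECT or the chain policy?
    awk '
    function has(tok,  i) { for (i = 3; i <= NF; i++) if ($i == tok) return i; return 0 }
    $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
    $1 != "-A" || $2 != "FORWARD" { next }
    $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { if (!allowed) blocked = 1; next }
    {
        b = has("--physdev-is-bridged"); j = has("-j")
        # "! --physdev-is-bridged" matches non-bridged traffic, so skip negated rules
        if (b && $(b - 1) != "!" && j && $(j + 1) == "ACCEPT" && !blocked) allowed = 1
    }
    END {
        if (allowed) print "explicit-allow"
        else if (blocked || policy == "DROP") print "blocked"
        else print "allowed-by-default"
    }' "$1"
}

audit_bridge_fw() {   # $1 = kernel config, $2 = iptables -S FORWARD output
    if bridge_nf_enabled "$1"; then
        echo "visible:$(forward_verdict "$2")"
    else
        echo "not-visible"
    fi
}

# Constructed sample: option enabled, policy DROP, no rule for bridged traffic
demo_dir=$(mktemp -d)
printf 'CONFIG_BRIDGE=y\nCONFIG_BRIDGE_NETFILTER=y\n' > "$demo_dir/config"
printf '%s\n' '-P FORWARD DROP' '-A FORWARD -i eth0 -o eth1 -j ACCEPT' > "$demo_dir/rules"
audit_bridge_fw "$demo_dir/config" "$demo_dir/rules"   # prints visible:blocked
```

A `visible:blocked` result is the situation the message warns about: the option is on, the chain drops by default, and nothing explicitly allows bridged frames.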
