I see. On this cluster I want to build we would only use TCP/UDP. I'm just
concerned about whether a Linux firewall will still forward packets from some
low level protocol even if the input and output chains are put to deny or
reject. I'm puzzled by this IT guy saying that switches talk some low level
protocol which would propagate through our firewall and hence 'disturb' their
network. I tend to say that that's nonsense. Isn't it so that the kernel does
not forward packages it does not recognise anyway?

Am I incorrect in assuming that no packages of _ANY_ protocol enter from the
switch into the firewall and propagate to the other network when I put the
default policies on reject/deny and that the switch and the cluster would be
invisible? (The kernel would only be compiled with TCP support).

On Wed, 7 Mar 2001, Arnaldo Carvalho de Melo wrote:

> On Wed, Mar 07, 2001 at 02:34:38PM +0100, J.R. de Jong wrote:
> > Hello all,
> >
> > I've got a question concerning firewalling. ICMP, UDP and TCP can be
> > filtered out with ipchains/iptables, but what about IPX, ARP, netbios and
> > such? To make my question more clear let me explain what I want.
>
> About IPX: netfilter support is in my TODO list, Steve Whitehouse (IIRC)
> did work on this in the past, but the changes were too big and he preferred
> to wait for 2.5 (IIRC) and now I think the patches are not maintained anymore, I
> have it here and will work on this as soon as other IPX problems are fixed
> (mostly about routing, which is needed anyway before we delve into
> netfilter support).
>
> - Arnaldo
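An added example, not part of the original thread: ipchains/iptables rules match IPv4 packets only, so this sketch classifies raw Ethernet frames by EtherType or 802.2 LLC header to show which of the protocols named above would reach those rules at all. The frames, MAC addresses and helper names (`classify`, `eth`, `ipv4`) are constructed for illustration.

```python
import struct

# EtherType and LLC SAP assignments; every frame below is a constructed sample.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8137: "IPX"}
LLC_SAPS = {0x42: "STP BPDU", 0xE0: "IPX (802.2)", 0xF0: "NetBIOS/NetBEUI"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def classify(frame: bytes):
    """Return (protocol, reaches_ip_filter) for one raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if type_or_len <= 1500:
        # IEEE 802.3 length field: an LLC header follows, never a bare IP header.
        if payload[:2] == b"\xff\xff":
            return "IPX (raw 802.3)", False
        dsap = payload[0] if payload else None
        return LLC_SAPS.get(dsap, "802.2 LLC (other)"), False
    name = ETHERTYPES.get(type_or_len, "unknown 0x%04x" % type_or_len)
    if name != "IPv4":
        return name, False
    if len(payload) < 20 or payload[0] >> 4 != 4:
        raise ValueError("malformed IPv4 header")
    proto = payload[9]  # protocol field of the IPv4 header
    return "IPv4/" + IP_PROTOS.get(proto, "proto %d" % proto), True

def eth(dst, src, type_or_len, payload):
    """Build a constructed Ethernet frame from hex MACs and a payload."""
    header = bytes.fromhex(dst) + bytes.fromhex(src)
    return header + struct.pack("!H", type_or_len) + payload

def ipv4(proto):
    # Minimal 20-byte header; checksum left at zero (not validated here).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))

HOST, PEER = "020000000001", "020000000002"  # locally administered MACs
SAMPLES = [
    eth(PEER, HOST, 0x0800, ipv4(6)),                            # TCP
    eth(PEER, HOST, 0x0800, ipv4(1)),                            # ICMP
    eth("ffffffffffff", HOST, 0x0806, bytes(28)),                # ARP
    eth(PEER, HOST, 0x8137, b"\xff\xff" + bytes(28)),            # IPX
    eth("0180c2000000", HOST, 38, b"\x42\x42\x03" + bytes(35)),  # bridge BPDU
    eth("030000000001", HOST, 47, b"\xf0\xf0\x03" + bytes(44)),  # NetBEUI
]

if __name__ == "__main__":
    for f in SAMPLES:
        print("%-20s reaches IP filter: %s" % classify(f))
```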