On Thu, Mar 08, 2001 at 02:52:49PM +1100, john slee wrote:
> On Wed, Mar 07, 2001 at 09:10:49AM -0800, Stephen Satchell wrote:
> > At 02:34 PM 3/7/01 +0100, J.R. de Jong wrote:
> > >Now, if I disable IP forwarding and make the firewall airtight in the
> > >sense that I use ipchains to deny any traffic between the networks does
> > >anything low level from the switch or whatever still propagate to the
> > >other network?
>
> AFAIK ipchains will only filter IP traffic. you can use --proto to pick
> out/block "subprotocols" in IP (like TCP, UDP, ICMP, IGMP and others),
> but it doesn't extend beyond IP. i think there was a posting recently
> on linux-kernel from someone working on MAC-level filtering. if i can
> dig up an archive url i will post it here.

i'm an idiot, it was on this list. in case you didn't see it:

http://marc.theaimsgroup.com/?l=linux-net&m=98339776308958&w=2

--
all your base are belong to us!
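
The layering point made in the thread above, as an added example that is not part of the original messages: a Python classifier that reads the EtherType of an Ethernet frame and reports which frames an IPv4 packet filter would get to evaluate at all, and under which IP protocol. The function names and the sample frames are constructed for illustration, and modelling the filter as IPv4-only is an assumption of the example.

```python
import struct

# EtherType values (IEEE registry) and IPv4 protocol numbers (IANA).
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8137: "IPX", 0x86DD: "IPv6"}
IP_PROTOS = {1: "icmp", 2: "igmp", 6: "tcp", 17: "udp"}

def classify(frame: bytes):
    """Return (layer3_name, ip_protocol_or_None) for one Ethernet frame.

    ip_protocol is None when the frame is not IPv4, i.e. when an IPv4
    packet filter never gets to evaluate it.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == 0x8100:          # 802.1Q VLAN tag: the real type follows it
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    if ethertype < 0x0600:           # 802.3 length field, payload is LLC
        return ("802.3/LLC", None)
    if ethertype != 0x0800:
        return (ETHERTYPES.get(ethertype, hex(ethertype)), None)
    header = frame[offset:offset + 20]
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("malformed IPv4 header")
    return ("IPv4", IP_PROTOS.get(header[9], str(header[9])))

# Constructed sample frames (hypothetical addresses, zeroed checksums).
def eth(ethertype, payload, vlan=None):
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    return (b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + tag
            + struct.pack("!H", ethertype) + payload)

def ipv4(proto):
    return bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, proto, 0, 0,
                  10, 0, 0, 1, 10, 0, 0, 2])

SAMPLES = {
    "udp": eth(0x0800, ipv4(17)),
    "tcp in vlan 5": eth(0x0800, ipv4(6), vlan=5),
    "arp": eth(0x0806, bytes(28)),
    "ipx": eth(0x8137, bytes(30)),
    "802.3 llc": eth(0x0026, bytes(38)),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:14} -> {classify(frame)}")
```

Only the frames that come back with a protocol name are ones a rule using --proto could match; the rest are outside the filter's view and have to be handled at another layer.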