I can attest that it does work. Hang in there.

As for patching, it is my understanding that the statement about 'newer kernels' is only half right. You do not need to patch your kernel to add bridging functionality (just enable it in the menu). You DO need to patch it if you want to use netfilter to filter said bridge traffic. I use this patch:

http://bridge.sourceforge.net/devel/bridge-nf/bridge-nf-0.0.7-against-2.4.19.diff

With only that patch, I have successfully enabled bridges netfilter under both RedHat 7.3 and 9.

To clarify a tad on the chains, INPUT and OUTPUT refer to traffic for and from the firewall itself. FORWARD refers to traffic crossing the firewall. These are two separate things and the rules do not affect chains they aren't applied to. For example, your rule...

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -v

...needs a FORWARD counterpart (if you also want that behavior on traffic crossing the firewall):

    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT -v

Also your policy on FORWARD is accept. Your post didn't show any FORWARD drop rules, so if traffic is passing right through the firewall with these rules, well, it's working correctly. On the other hand, if you switch them all to FORWARD then there is no filtering on traffic to the firewall.

Hope that helps.

Bob
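An added example, not part of Bob's post: a small check that reads a ruleset in iptables-save format and reports the two conditions described above, a FORWARD chain left at policy ACCEPT with no DROP/REJECT rule, and INPUT rules that have no FORWARD counterpart. The function name audit_forward, the finding labels and the sample ruleset are constructed for illustration; an INPUT-ONLY line is something to review, not necessarily a mistake, since some rules are meant only for the firewall host itself.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the thread):
# filtering exists on INPUT only, FORWARD is left at policy ACCEPT.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# audit_forward (hypothetical helper): reads iptables-save text on stdin
# and prints one finding per line, sorted.
audit_forward() {
    awk '
    # Remember the default policy of the FORWARD chain.
    /^:FORWARD /   { policy = $2 }
    # Index INPUT rules by everything after the chain name.
    /^-A INPUT /   { r = $0; sub(/^-A INPUT /, "", r); input[r] = 1 }
    # Index FORWARD rules the same way and count blocking targets.
    /^-A FORWARD / { r = $0; sub(/^-A FORWARD /, "", r); fwd[r] = 1
                     if (r ~ /-j (DROP|REJECT)/) blocks++ }
    END {
        # Traffic crossing the firewall only traverses FORWARD, so an
        # ACCEPT policy with no blocking rule means it is not filtered.
        if (policy == "ACCEPT" && blocks == 0)
            print "FORWARD-OPEN: policy ACCEPT and no DROP/REJECT rule"
        # INPUT rules do not apply to crossing traffic; list those
        # without an identical FORWARD rule so they can be reviewed.
        for (r in input)
            if (!(r in fwd))
                print "INPUT-ONLY: " r
    }' | sort
}

# Demo on the constructed sample; on a live host the input would be
# the output of iptables-save instead.
printf '%s\n' "$SAMPLE_RULES" | audit_forward
```
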