I don’t think I’m entirely clear about what you are trying to block, but I *THINK* I just went through the learning curve to do a similar thing myself, and was successful. Check out ebtables.sourceforge.net.

My requirement was to put a transparent bridge between a router and a switch, to block or allow CERTAIN traffic based on source and/or destination IP addresses. My particular scenario would have been more appropriately handled by standard iptables, except that I don’t control the network configuration, so I couldn’t change any IP addresses.

Basically, I downloaded the latest ebtables user space utilities, and the kernel source for 2.6.4, compiled it on my fresh RH9 box, then compiled the ebtables tools. Ebtables then gave me the ability to filter packets at layer two, while bridging.

-Steve

From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Gerry Weaver

Hello All,

I have set up a bridging firewall. I want to drop packets on the external interface which have source addresses on my internal network. However, the firewall/bridge sits between my T1 router and the rest of my LAN. Is there a way to drop the packets mentioned previously, but allow the router? I guess a rule could be created that uses the router's MAC address as a match. I've been playing around with this, but I'm not getting the result I want. I could sure use some advice on this.

[ LAN xx.xx.xx.0/24 ]<==>[ bridge/firewall ]<==>[ router xx.xx.xx.254/24 ]

Thanks in advance,
Gerry
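The setup Gerry asks about, as an added example that is not from either poster: a dry-run/apply script of ebtables FORWARD rules that drops frames entering the router-facing bridge port with an internal source address, but exempts the router itself by matching its MAC address together with its own IP. Assumed names: eth0 as the router-facing port, 192.0.2.0/24 for the LAN, and 192.0.2.254 with a made-up MAC for the router; it also goes slightly beyond the question by applying the same check to ARP.

```shell
#!/bin/sh
# Added example, not from the list post. All values below are assumptions;
# override them from the environment to match the real bridge.
EXT_IF="${EXT_IF:-eth0}"                     # bridge port facing the T1 router
LAN_NET="${LAN_NET:-192.0.2.0/24}"            # internal prefix (xx.xx.xx.0/24)
ROUTER_IP="${ROUTER_IP:-192.0.2.254}"         # router's LAN-side address
ROUTER_MAC="${ROUTER_MAC:-00:11:22:33:44:55}" # made-up router MAC

run() {
    # Default is a dry run that prints each command for review;
    # set APPLY=1 to execute them on the bridge.
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

install_rules() {
    # Flush only the FORWARD chain so other ebtables rules stay untouched.
    run ebtables -F FORWARD

    # Frames from the router itself: match its MAC *and* its own IP. Matching
    # the MAC alone would also pass packets the router forwarded from outside
    # with a spoofed LAN source, since those carry the router's MAC as L2 source.
    run ebtables -A FORWARD -i "$EXT_IF" -p IPv4 -s "$ROUTER_MAC" --ip-src "$ROUTER_IP" -j ACCEPT
    # Anything else entering on the external port with an internal source
    # address is spoofed and gets dropped at layer two.
    run ebtables -A FORWARD -i "$EXT_IF" -p IPv4 --ip-src "$LAN_NET" -j DROP

    # Same idea for ARP, so an outside host cannot claim a LAN address in ARP.
    run ebtables -A FORWARD -i "$EXT_IF" -p ARP -s "$ROUTER_MAC" --arp-ip-src "$ROUTER_IP" -j ACCEPT
    run ebtables -A FORWARD -i "$EXT_IF" -p ARP --arp-ip-src "$LAN_NET" -j DROP
}

install_rules
```

Check the counters afterwards with `ebtables -L FORWARD --Lc` to confirm the DROP rule is actually seeing the traffic you expect.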