On Thu Mar 18 15:33:58 2004, Antony Stone wrote:
| > > I have set up a bridging firewall. I want to drop packets on the external
| > > interface which have source addresses on my internal network. However,
| > > the firewall/bridge sits between my T1 router and the rest of my LAN. Is
| > > there a way to drop the packets mentioned previously, but allow the
| > > router? I guess a rule could be created that uses the router's MAC address
| > > as a match. I've been playing around with this, but I'm not getting the
| > > result I want. I could sure use some advice on this.
| > >
| > > [ LAN xx.xx.xx.0/24 ]<==>[ bridge/firewall ]<==>[ router xx.xx.xx.254/24 ]
| >
| > How about:
| >
| > iptables -A FORWARD -i $extIF -s xx.xx.xx.254 -j ACCEPT
| > iptables -A FORWARD -i $extIF -s xx.xx.xx.0/24 -j DROP
|
| Okay, scrub that - I overlooked the significance of it being a *bridging*
| firewall :(

Well, this is not altogether stupid :) provided you have the bridge-nf patch for a 2.4 kernel, or a 2.6 kernel with bridge filtering and ebtables.

Vincent.

-- 
 .~.  Vincent Haverlant -- Galadril -- #ICQ: 35695155
 /V\  MSN: vincent_msn@xxxxxxxxxxxxx -- http://www.haverlant.org/
/( )\ Parinux member: http://www.parinux.org/
^^-^^ GPG: 8FEA 52C2 5C54 A201 2375 0FA5 AF2E 1881 92D0 EE84
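The following is an added example, not code posted by anyone in this thread. It shows one way to implement the anti-spoofing rules discussed above on a Linux bridge firewall, assuming the bridge-netfilter hooks are available (so bridged frames traverse the iptables FORWARD chain) and that ebtables is installed. The interface names, the 192.0.2.0/24 LAN, the router address and the router's MAC are placeholders chosen for the example, not values from the original message. With DRY_RUN=1 (the default) the script only prints the commands it would run; set DRY_RUN=0 and run it as root to apply them.

```shell
#!/bin/sh
# Added example (not from the thread): anti-spoofing on a Linux bridging
# firewall, matching the router by MAC so its frames are allowed while
# frames from the external port that claim an internal source IP are dropped.
#
# Assumed placeholders (not from the original message):
EXT_IF="${EXT_IF:-eth0}"                        # bridge port toward the T1 router
LAN_NET="${LAN_NET:-192.0.2.0/24}"              # internal network behind the bridge
ROUTER_IP="${ROUTER_IP:-192.0.2.254}"
ROUTER_MAC="${ROUTER_MAC:-00:11:22:33:44:55}"   # assumed MAC of the router
DRY_RUN="${DRY_RUN:-1}"                         # 1 = print commands, 0 = execute (needs root)

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Layer 2 (ebtables): only frames from the router's MAC are accepted on the
# external port; anything else arriving there with an internal source IP is
# dropped before the bridge forwards it, so it never reaches iptables at all.
l2_rules() {
    run ebtables -A FORWARD -i "$EXT_IF" -s "$ROUTER_MAC" -j ACCEPT
    run ebtables -A FORWARD -i "$EXT_IF" -p IPv4 --ip-src "$LAN_NET" -j DROP
}

# Layer 3 (iptables): with bridge-nf enabled, bridged packets also pass the
# FORWARD chain. "-i br0" would match both sides of the bridge, so the bridge
# *port* is matched with the physdev module instead, and the router is
# accepted only when both its IP and its MAC match.
l3_rules() {
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
    run iptables -A FORWARD -m physdev --physdev-in "$EXT_IF" \
        -s "$ROUTER_IP" -m mac --mac-source "$ROUTER_MAC" -j ACCEPT
    run iptables -A FORWARD -m physdev --physdev-in "$EXT_IF" \
        -s "$LAN_NET" -j DROP
}

all_rules() {
    l2_rules
    l3_rules
}

all_rules
```

The ebtables pair is the one that actually answers the question: matching on the source MAC is a link-layer decision, and ebtables sees the frame on the bridge port before any IP-level filtering. The iptables pair is the same policy restated at layer 3 for kernels where bridged traffic is pushed through iptables; on a modern kernel the sysctl only exists once the br_netfilter module is loaded, which is why the rules are printed rather than applied by default.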