Re: iptables bridge filter question

On Thu Mar 18 15:33:58 2004, Antony Stone wrote:
| > > I have setup a bridging firewall. I want to drop packets on the external
| > > interface, which have source addresses on my internal network. However,
| > > the firewall/bridge sits between my T1 router and the rest of my LAN. Is
| > > there a way to drop the packets mentioned previously, but allow the
| > > router? I guess a rule could be created that uses the routers mac address
| > > as a match. I've been playing around with this, but I'm not getting the
| > > result I want. I could sure use some advice on this.
| > >
| > > [ LAN xx.xx.xx.0/24 ]<==>[ bridge/firewall ]<==>[ router xx.xx.xx.254/24 ]
| >
| > How about:
| >
| > iptables -A FORWARD -i $extIF -s xx.xx.xx.254 -j ACCEPT
| > iptables -A FORWARD -i $extIF -s xx.xx.xx.0/24 -j DROP
| 
| Okay, scrub that - I overlooked the significance of it being a *bridging* 
| firewall :(

Well this is not altogether stupid :) provided you have the bridge-nf
patch for a 2.4 kernel or a 2.6 kernel with bridge filtering and
ebtables.

Vincent.
-- 
   .~.     Vincent Haverlant  -- Galadril -- #ICQ: 35695155   
   /V\      MSN: vincent_msn@xxxxxxxxxxxxx  -- http://www.haverlant.org/
  /( )\      Parinux member: http://www.parinux.org/
  ^^-^^       GPG: 8FEA 52C2 5C54 A201 2375  0FA5 AF2E 1881 92D0 EE84
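Added illustration (not part of the thread, and not code from either poster): a small first-match model of the FORWARD chain that shows why the two-rule approach above works on a bridge, and the caveat a bridge operator should check. With bridge-nf, `-i` in iptables refers to the logical bridge device, so the physical port the frame came in on has to be matched with `-m physdev --physdev-in $extIF`; the model below treats `phys_in` that way. It also shows the difference between excepting the router by IP alone and by IP plus MAC (`-m mac --mac-source`), since a host on the outside segment can put the router's IP in a packet as easily as any other LAN address. The subnet 192.0.2.0/24, the router address .254 and the MAC addresses are constructed placeholders standing in for the xx.xx.xx.0/24 network in the question.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed placeholders for the xx.xx.xx.0/24 network in the thread.
EXT_IF = "eth0"                      # bridge port facing the T1 router
LAN = "192.0.2.0/24"
ROUTER_IP = "192.0.2.254"
ROUTER_MAC = "00:00:5e:00:53:fe"     # assumed MAC of the router


@dataclass(frozen=True)
class Packet:
    phys_in: str    # physical bridge port the frame arrived on (physdev-in)
    src_mac: str    # Ethernet source address
    src_ip: str     # IP source address


@dataclass(frozen=True)
class Rule:
    """One FORWARD rule; None means 'no match on this field'."""
    target: str                      # "ACCEPT" or "DROP"
    phys_in: Optional[str] = None    # -m physdev --physdev-in
    src_net: Optional[str] = None    # -s a.b.c.d/len
    src_mac: Optional[str] = None    # -m mac --mac-source

    def matches(self, pkt: Packet) -> bool:
        if self.phys_in is not None and pkt.phys_in != self.phys_in:
            return False
        if self.src_net is not None and (
            ipaddress.ip_address(pkt.src_ip)
            not in ipaddress.ip_network(self.src_net)
        ):
            return False
        if self.src_mac is not None and pkt.src_mac.lower() != self.src_mac.lower():
            return False
        return True


def verdict(chain, pkt: Packet, policy: str = "ACCEPT") -> str:
    """First matching rule decides, like an iptables chain; else the policy."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


# The thread's two rules, with -i replaced by the physdev port match.
CHAIN_IP_ONLY = [
    Rule("ACCEPT", phys_in=EXT_IF, src_net=ROUTER_IP + "/32"),
    Rule("DROP", phys_in=EXT_IF, src_net=LAN),
]

# Same, but the router exception also requires the router's MAC.
CHAIN_IP_AND_MAC = [
    Rule("ACCEPT", phys_in=EXT_IF, src_net=ROUTER_IP + "/32", src_mac=ROUTER_MAC),
    Rule("DROP", phys_in=EXT_IF, src_net=LAN),
]

# Constructed sample traffic as seen by the bridge.
SAMPLES = {
    "router_itself":     Packet(EXT_IF, ROUTER_MAC, ROUTER_IP),
    "internet_host":     Packet(EXT_IF, ROUTER_MAC, "198.51.100.7"),
    "spoofed_lan_addr":  Packet(EXT_IF, "00:00:5e:00:53:aa", "192.0.2.10"),
    "spoofed_router_ip": Packet(EXT_IF, "00:00:5e:00:53:aa", ROUTER_IP),
    "lan_side_host":     Packet("eth1", "00:00:5e:00:53:01", "192.0.2.10"),
}


def run(chain) -> dict:
    """Verdict per sample packet for the given chain."""
    return {name: verdict(chain, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, chain in (("ip only", CHAIN_IP_ONLY), ("ip + mac", CHAIN_IP_AND_MAC)):
        print(label)
        for name, v in run(chain).items():
            print(f"  {name:18} {v}")
```

Either chain drops the plain case of an outside frame carrying an internal source address and leaves LAN-side traffic alone; only the MAC-qualified exception also drops an outside frame that borrows the router's IP. The MAC can of course be forged too, but only by something already on the router-side segment, which is a much smaller set of hosts than "anyone upstream".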