Thanks SpOoKeR, that answers my question. I'll read up on it.

On Sun, 2005-11-27 at 18:22 -0200, Sp0oKeR wrote:
> Try ebtables instead of iptables
>
> > What is ebtables?
>
> The ebtables program is a filtering tool for a bridging firewall. The
> filtering is focussed on the Link Layer Ethernet frame fields. Apart
> from filtering, it also gives the ability to alter the Ethernet MAC
> addresses and implement a brouter.
> This website is also a reference for the Linux bridge-nf code, which
> gives Linux the functionality of a bridging IP/IPv6/ARP firewall, by
> letting iptables/ip6tables/arptables 'see' the bridged IPv4/IPv6/ARP
> packets.
> Both ebtables and bridge-nf are a part of the standard 2.6 kernel. A
> patch for the 2.4 stable kernel is maintained here, because enough
> people keep bugging me when Marcelo releases yet another 2.4 kernel.
>
> http://ebtables.sourceforge.net/
>
> Regards,
>
> Sp0oKeR
>
> On 11/27/05, Leon Stringer <leon.stringer@xxxxxxxxxxxx> wrote:
> > Hi,
> >
> > I've been using iptables as a firewalling router for a year and it's
> > worked brilliantly.
> >
> > (O/T: It went into service after the Cisco-qualified engineers failed to
> > get their Cisco kit to meet our modest requirements!).
> >
> > I now have a new requirement for just a firewall, i.e. no routing.
> >
> > So the LAN will connect to one NIC and the other NIC will connect to the
> > ISP router.
> >
> > So I assume that this will require a "virtual" bridge device to be set
> > up. And I've read that this isn't straightforward to get iptables to
> > work in this configuration.
> >
> > So my question is: as an existing iptables user, should I be able to set
> > up a box for firewalling only as described?
> >
> > If so, is there any (good!) documentation on this?
> >
> > Or would I be better off with a firewall "appliance"?
> >
> > Thanks in advance for any advice,
> >
> > Leon...