> Then use IPTables / EBTables / ARPTables to your heart's content. If you
> enable layer 3 matching on layer 2 for ebtables, you can use IPTables to
> filter bridged traffic.

this is very interesting, because i was trying to set up a firewall on a vmware server (vmware creates a bridge, which is not a linux bridge (so brctl and ebtables do not work on this), and connects all virtual machines to this bridge in order to give access to the network).

i did the exact thing as you described, created a dummy interface, bridged my eth0 via a linuxbridge to the dummy interface, and then connected the vmware bridge to my dummy interface. that way, i am able to firewall the vmware traffic using ebtables.

but now my question: what are you using the is there any advantage in using iptables to filter bridged traffic as you noted in my quote above? i use ebtables to do all the filtering in the linuxbridge, and it works pretty well..

thanks for your reply,
clemens