Hello,

paddy joesoap wrote:
>
> Normally I think of firewalls as controlling packet flows that pass
> through it (for example: Internet to Intranet).
>
> Can netfilter also control traffic on the same subnet?

Yes, if the traffic passes through it. This can be done by setting up a filtering bridge using bridge-nf: the IP packets in bridged ethernet frames will be filtered by iptables rules.

> Suppose I had the following set up:
> Internal Machines 1,2 and 3 are on the same subnet governed by the
> netfilter firewall.
>
>                                    ---------- Machine1
> Internet ------ Netfilter Firewall ---------- Machine2
>                                    ---------- Machine3

Does the Firewall bridge Machine1-3 together (and thus have a separate ethernet interface for each one) or is there an ethernet switch between them? A switch won't pass the traffic between Machine1-3 to the Firewall.
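
The filtering bridge described in the reply above, as an added example that is not part of the original message: a dry-run script that prints the commands to bridge one interface per machine and filter the bridged traffic with iptables. The names br0 and eth1 to eth3, the APPLY switch and the SSH-only policy are assumptions; loading br_netfilter as its own module applies to kernels 3.18 and later.

```shell
#!/bin/sh
# Added example: a filtering bridge so netfilter sees same-subnet traffic.
# Assumed names (not from the original message): br0, eth1..eth3,
# with one firewall port per internal machine and no switch in between.
BRIDGE=${BRIDGE:-br0}
PORTS=${PORTS:-"eth1 eth2 eth3"}

# Print the commands that build the bridge and enable the bridge-nf hook.
bridge_plan() {
    # bridge-nf lives in br_netfilter on kernels 3.18 and later
    echo "modprobe br_netfilter"
    echo "ip link add name $BRIDGE type bridge"
    for p in $PORTS; do
        echo "ip link set dev $p master $BRIDGE"
        echo "ip link set dev $p up"
    done
    echo "ip link set dev $BRIDGE up"
    # Hand IPv4 packets inside bridged frames to iptables
    echo "sysctl -w net.bridge.bridge-nf-call-iptables=1"
}

# Print one ACCEPT rule for bridged traffic: in-port, out-port, tcp dport.
allow_pair() {
    echo "iptables -A FORWARD -m physdev --physdev-is-bridged" \
         "--physdev-in $1 --physdev-out $2 -p tcp --dport $3 -j ACCEPT"
}

# Print the FORWARD rules; bridged packets traverse FORWARD, not INPUT.
filter_plan() {
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Constructed policy: Machine1 (eth1) may reach SSH on Machine2 (eth2)
    allow_pair eth1 eth2 22
    # Everything else between bridge ports is dropped; routed traffic
    # (Internet <-> subnet) is not matched by --physdev-is-bridged.
    echo "iptables -A FORWARD -m physdev --physdev-is-bridged -j DROP"
}

# Default is a dry run; APPLY=1 (as root) executes the printed commands.
if [ "${APPLY:-0}" = 1 ]; then
    { bridge_plan; filter_plan; } | sh -e
else
    bridge_plan
    filter_plan
fi
```

If the machines hang off an ethernet switch instead, frames between them never reach these ports and none of the rules will match.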