
List:       linux-bridge
Subject:    Re: [Bridge] bridging, 2.4.1 and iptables
From:       Lennert Buytenhek <buytenh () gnu ! org>
Date:       2001-02-12 17:29:51

Hi,

The current netfilter patch has uhm... 'issues'. 2.2 with ipchains is
stable, but that doesn't give you the flexibility to filter on two
interfaces in one rule. I'm working on the netfilter patch, but I really
don't have a timeframe for this.


cheers,
Lennert


On Thu, Feb 08, 2001 at 02:16:12PM -0500, Andrew Burke wrote:
> 
> Does all this stuff work "out of the box" yet?  I know that there were
> patches to make ipchains work w/ older bridging stuff, but I was wondering
> if it had all been integrated in these newfangled kernel jobbers.
> 
> I'm trying to get a setup like this:
> 
> eth0 is connected to the internet at large
> eth1, eth2 and eth3 are connected to three physically separated (different
> switches) internal networks
> 
> eth1 should be say, completely open, as though it were right on the
> internet
> 
> eth2 should block the most heinous attacks, but be fairly open
> 
> eth3 should block almost all traffic
> 
> Is this possible?
> 
> It would be if iptables allowed me to make rules like:
> 
> iptables -A br0 -i eth0 -o eth3 -j DROP
> 
> obviously that wouldn't be very nice for the people on the network
> attached to eth3, but that's an example of how it would work for me
> ideally.
> 
> If anyone could point me to references on this kind of stuff, I would be
> very thankful.
> 
> 							andy
> 
> _______________________________________________
> Bridge mailing list
> Bridge@math.leidenuniv.nl
> http://www.math.leidenuniv.nl/mailman/listinfo/bridge
