linux-kernel.vger.kernel.org archive mirror
* bridge and netfilter
From: Rodrigo Ventura @ 2001-07-14 18:59 UTC
  To: linux-kernel


        Hi everyone. What's the current status of the kernel bridging
code with respect to netfilter stack? We want to put a transparent
firewall working. So we need to apply netfilter rules to the packets
between two interfaces in the same bridge group.

        We've looked into the bridge-utils web pages, they mention a
kernel patch to make bridged packets go through the netfilter stack,
but the last patch update is for kernel 2.2.x.

        Do the current 2.4.x kernels include netfiltering bridged
packets? I just saw some references to netfilter in the bridge code, I
was wondering what they actually do...

        Cheers,

        PS: I did some experimentation with openbsd, and the fact is
they do support packet filtering over bridged packets, seamlessly
integrated into the whole operating system. Very neat indeed...

        PPS: Our dilemma is this: we have openbsd that filters bridged
packets but does not provide (AFAIK) sophisticated queuing policies,
and we have linux that does it (iproute2) but does not filter bridged
packets... :-\

-- 

*** Rodrigo Martins de Matos Ventura <yoda@isr.ist.utl.pt>
***  Web page: http://www.isr.ist.utl.pt/~yoda
***   Teaching Assistant and PhD Student at ISR:
***    Instituto de Sistemas e Robotica, Polo de Lisboa
***     Instituto Superior Tecnico, Lisboa, PORTUGAL
*** PGP fingerprint = 0119 AD13 9EEE 264A 3F10  31D3 89B3 C6C4 60C6 4585


* Re: bridge and netfilter
From: Patrick Cole @ 2001-07-15 11:10 UTC
  To: Rodrigo Ventura; +Cc: linux-kernel

Sat, Jul 14, 2001 at 07:59:32PM +0100, Rodrigo Ventura wrote:

>         Hi everyone. What's the current status of the kernel bridging
> code with respect to netfilter stack? We want to put a transparent
> firewall working. So we need to apply netfilter rules to the packets
> between two interfaces in the same bridge group.

From what I've read the code is still experimental and there are a few
issues with it killing the machine. The 2.4 mainstream kernel has the
hooks but an extra patch is required to get it going.

Pat

-- 
Patrick Cole  -  Debian Developer    <ltd@debian.org>
              -  Linux.com Volunteer <z@linux.com>
              -  ANU JCSMR ICU Staff <Patrick.Cole@anu.edu.au>
              -  PGP Key ID          6 0 D 7 4 C 7 D
                 
