bridge and netfilter

Rodrigo Ventura (yoda@isr.ist.utl.pt)
14 Jul 2001 19:59:32 +0100


Hi everyone. What's the current status of the kernel bridging
code with respect to netfilter stack? We want to put a transparent
firewall working. So we need to apply netfilter rules to the packets
between two interfaces in the same bridge group.

We've looked into the bridge-utils web pages, they mention a
kernel patch to make bridged packets to through the netfilter stack,
but the last patch update is for kernel 2.2.x.

Does the current 2.4.x kernels include netfiltering bridged
packets? I just saw some references to netfilter in the bridge code, I
was wondering what they actually do...

Cheers,

PS: I did some experimentation with openbsd, and the fact is
they do support packet filtering over bridged packets, seamlessly
integrated into the whole operating system. Very neat indeed...

PPS: Our dilemma is this: we have openbsd that filters bridged
packets but does not provide (AFAIK) sophisticated queuing policies,
and we have linux that does it (iproute2) but does not filter bridged
packets... :-\

-- 

*** Rodrigo Martins de Matos Ventura <yoda@isr.ist.utl.pt> *** Web page: http://www.isr.ist.utl.pt/~yoda *** Teaching Assistant and PhD Student at ISR: *** Instituto de Sistemas e Robotica, Polo de Lisboa *** Instituto Superior Tecnico, Lisboa, PORTUGAL *** PGP fingerprint = 0119 AD13 9EEE 264A 3F10 31D3 89B3 C6C4 60C6 4585 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/