[Bridge] 20000205

Mon, 7 Feb 2000 12:15:40 +0100 (CET)Hi there,20000205 is out. The ipchains add-on patch now works (or at least, itseems to). It isn’t all that clearly documented, but it works like this:- If you want to use it, configure bridge firewalling into the kernel. The bridge firewalling is supposed to be an extra module, but for now the firewall stuff is linked into bridge.o, because I have no idea how to separate the two (Makefile-wise, I mean).- When taking the forwarding decision, the packet is checked against the chain , with the -i (interface) set to the outgoing interface. The incoming interface probably makes more sense (and in 2.3 we could even do both), so this is likely to change in the near future).- If the chain does not exist, the packet is always forwarded.- So, if you want firewalling, you’ll have to create the chain yourself! Important detail!Example:# brctl addbr br0# brctl addif br0 eth0# ifconfig br0 ipchains -N br0# ipchains -A br0 -s -i eth0 -j DENYThe next snapshot will probably have this documented properly (famous lastwords….. :-)greetings,Lennert

