[Bridge] 20000205

Wayback MachineAbout this captureCOLLECTED BY Organization: Alexa Crawls Starting in 1996, Alexa Internet has been donating their crawl data to the Internet Archive. Flowing in every day, these data are added to the Wayback Machine after an embargo period. Collection: Alexa Crawls DE Crawl data donated by Alexa Internet. This data is currently not publicly accessible TIMESTAMPSloadingbuytenh@gnu.orgbuytenh@gnu.org
Mon, 7 Feb 2000 12:15:40 +0100 (CET)Hi there,20000205 is out. The ipchains add-on patch now works (or at least, itseems to). It isn’t all that clearly documented, but it works like this:- If you want to use it, configure bridge firewalling into the kernel. The bridge firewalling is supposed to be an extra module, but for now the firewall stuff is linked into bridge.o, because I have no idea how to separate the two (Makefile-wise, I mean).- When taking the forwarding decision, the packet is checked against the chain , with the -i (interface) set to the outgoing interface. The incoming interface probably makes more sense (and in 2.3 we could even do both), so this is likely to change in the near future).- If the chain does not exist, the packet is always forwarded.- So, if you want firewalling, you’ll have to create the chain yourself! Important detail!Example:# brctl addbr br0# brctl addif br0 eth0# ifconfig br0 10.0.0.254# ipchains -N br0# ipchains -A br0 -s 10.0.0.1/8 -i eth0 -j DENYThe next snapshot will probably have this documented properly (famous lastwords….. :-)greetings,Lennert

Leave a Reply

Your email address will not be published. Required fields are marked *