Honeypots mailing list archives
Re: Bridging and iptables/ebtables
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Wed, 25 Feb 2004 22:14:53 +0100
On Wed 25/02/2004 at 20:54, David Goldsmith wrote:
> I've reloaded the honeynet using RedHat 9 and have compiled a newer 2.4.2x kernel. I've grabbed the correct ebtables-brnf-3_vs_2.4.x.diff patch and applied it to the kernel. Bridging works but iptables is not filtering anything.
That's strange. Have you tried to match some traffic within the FORWARD chain with the LOG target to debug?
> Am I missing something simple like needing to force the loading of one of the newer bridge modules, or do I have to use the ebtables user-space tool either in place of or to supplement iptables?
ebtables is a supplement to iptables. When you use your Linux box as a bridge with the ebtables-brnf patch, iptables will allow you to filter IPv4 packets inside forwarded frames, and nothing else. ebtables is an L2 filter that allows you to filter any forwarded frame based on its L2 and L3 headers. You can also filter different kinds of frames such as Ethernet, 802.1q or 802.1d.

Suppose you activate a bridge and just filter using iptables. Then anything that is not IPv4 will cross your bridge unfiltered, such as IPX, NetBEUI, IPv6, etc. This is quite bad to me. ebtables allows you to restrict forwarded traffic based on the Ethernet protocol field.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus. Copy me to your signature file and help me spread!
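An L2 allow-list in the spirit of the advice above, as an added example rather than code from the thread: it assumes a bridging gateway whose kernel carries the ebtables-brnf patch and that ebtables/iptables are on the PATH; with DRY_RUN=1 (the default) it only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the original thread). ebtables decides which
# Ethernet protocols may cross the bridge at all; iptables keeps filtering
# the IPv4 packets inside the frames ebtables lets through.
# Assumption: kernel has the ebtables-brnf patch, tools are on the PATH.

DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands only, 0 = execute them

# Print one command line; execute it unless DRY_RUN=1.
run() {
    echo "$*"
    [ "$DRY_RUN" = "1" ] || "$@"
}

# L2 policy: only IPv4 and ARP frames are forwarded. Anything else
# (IPX, NetBEUI, IPv6, ...) is logged by the ebtables log watcher and
# dropped at the frame level instead of crossing the bridge unfiltered.
l2_policy() {
    run ebtables -F FORWARD
    run ebtables -P FORWARD DROP
    run ebtables -A FORWARD -p IPv4 -j ACCEPT
    run ebtables -A FORWARD -p ARP -j ACCEPT
    run ebtables -A FORWARD --log-level info --log-prefix "BR-L2-DROP " -j DROP
}

# L3 debug rule suggested in the thread: log everything iptables sees in
# FORWARD to confirm that bridged IPv4 actually reaches it.
l3_debug_log() {
    run iptables -I FORWARD 1 -j LOG --log-prefix "BR-FWD "
}

# Self-check: number of Ethernet protocols the L2 policy accepts.
count_l2_accepts() {
    DRY_RUN=1 l2_policy | grep -c -- '-j ACCEPT'
}

l2_policy
l3_debug_log
```

Set DRY_RUN=0 as root on the bridge host to apply the rules; keep the L3 LOG rule only while debugging, since it logs every forwarded IPv4 packet.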