Honeypots mailing list archives

Bridging and iptables/ebtables


From: David Goldsmith <dgoldsmith-securityfocus () incidents org>
Date: Wed, 25 Feb 2004 14:54:24 -0500

I had a GenII virtual honeynet built using RedHat 7.3, 2.4.18-3 kernel
and VMware GSX.  I was bridging between the physical Ethernet interface
and the VMware host-only network and using iptables to filter the
traffic.

The RedHat 2.4.18-3 kernel included the patch
linux-2.4.16-bridgefilter.patch which added the CONFIG_BRIDGE_NF kernel
option.  Installing the bridge-utils package was sufficient to be able
to establish the bridge and filter the traffic with iptables.

I've reloaded the honeynet using RedHat 9 and have compiled a newer
2.4.2x kernel.  I've grabbed the correct ebtables-brnf-3_vs_2.4.x.diff
patch and applied it to the kernel.  Bridging works but iptables is not
filtering anything.

Am I missing something simple like needing to force the loading of one of the
newer bridge modules, or do I have to use the ebtables user-space tool
either in place of or to supplement iptables?

Dave
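A setup and diagnostic script for the configuration described in this post, added here as an example and not part of the original message. It assumes the interface names eth0 (outside NIC) and vmnet1 (VMware host-only), a bridge named br0, the proc switch /proc/sys/net/bridge/bridge-nf-call-iptables provided by the bridge-nf patch, and an iptables build with the physdev match.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: outside NIC eth0,
# VMware host-only interface vmnet1, bridge br0, and the bridge-nf proc switch
# below (assumed to come from the brnf patch); iptables is assumed to have physdev.
BRNF_SWITCH=/proc/sys/net/bridge/bridge-nf-call-iptables

# Exit status: 0 = bridged IP traffic is handed to iptables, 1 = switch present
# but turned off, 2 = no switch at all (kernel lacks CONFIG_BRIDGE_NF / brnf).
brnf_state() {
    f=${1:-$BRNF_SWITCH}
    [ -r "$f" ] || return 2
    [ "$(cat "$f")" = "1" ] || return 1
    return 0
}

# Human-readable version of brnf_state for the "bridge works, iptables silent"
# symptom: with the switch off, frames cross the bridge below the IP hooks.
report() {
    brnf_state "$@" && rc=0 || rc=$?
    case $rc in
        0) echo "bridge-nf on: bridged traffic traverses iptables FORWARD" ;;
        1) echo "bridge-nf off: enable with  echo 1 > $BRNF_SWITCH" ;;
        *) echo "bridge-nf absent: kernel built without the brnf patch" ;;
    esac
    return 0
}

# Build the transparent bridge (no IP on br0, so the filtering host has no
# address on the wire) and filter what crosses it in FORWARD by bridge port.
setup_bridge() {
    brctl addbr br0
    brctl addif br0 eth0
    brctl addif br0 vmnet1
    ifconfig eth0 0.0.0.0 up
    ifconfig vmnet1 0.0.0.0 up
    ifconfig br0 up
    echo 1 > "$BRNF_SWITCH"
    iptables -P FORWARD DROP
    # Outside may reach the honeypots; replies to established flows may leave.
    iptables -A FORWARD -m physdev --physdev-in eth0 --physdev-out vmnet1 -j ACCEPT
    iptables -A FORWARD -m physdev --physdev-in vmnet1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Rate-limit new outbound connections from the honeypots; log and drop the rest.
    iptables -A FORWARD -m physdev --physdev-in vmnet1 -m state --state NEW \
        -m limit --limit 15/hour --limit-burst 15 -j ACCEPT
    iptables -A FORWARD -m physdev --physdev-in vmnet1 -j LOG --log-prefix "honeynet-out-drop: "
}

report
```

Run setup_bridge as root once the report says bridge-nf is present; the rule set only filters bridged traffic while the proc switch reads 1.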
