PaulDotCom mailing list archives

Re: need iptables help

From: Robin Wood <robin () digininja org>
Date: Wed, 26 Dec 2012 14:53:50 +0000

On Dec 26, 2012 2:51 PM, "Champ Clark III" <cclark () quadrantsec com> wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It's true that "once upon a time" iptables and bridging did not play
together. However, it works fine now.  Bridge firewalls with iptables
can get a little funky :)  You may want to check out ebtables anyways
as a lot of people seem to prefer it on bridged firewalls.

Check any semi-recent man page for iptables; "This  module  matches on
the bridge port input and output devices enslaved to a bridge device.
This module is a part of the infrastructure that enables a transparent
bridging IP firewall and is only useful for kernel versions above
version 2.5.44."

See --physdev-in, --physdev-out, etc..


I'll have a look at that, I only have a single rule to apply and already
have iptables installed.

Robin


- --
- - Champ Clark III (cclark () quadrantsec com)
  Quadrant Information Security (http://quadrantsec.com)
  Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
  GPG Key ID: 0381878A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQEcBAEBAgAGBQJQ2w5wAAoJENnmXt7Lmc3K4iMH/iZ/lZvBHyKBcfPFB44EKz1R
5z/RUadEr3OswWPIboMPX08e76zm0qg/5d1YvwHZ9RWwNJUBzv0/+fkBlP/xnH2A
hY7lTmdaq6iVm2MkOMbU3/svKAyfhuzJuxQBV0ty5drFdloaARqZNhsSC+gzVNyg
Ak0J2dXq8wAXrnUipB5SpkXROKzIzT3Ly2+y6gRKsChRgbBOz74Ri59tjZK1hmio
JoA9L4PJq3bjd+ucquoA/y0OCEmh4UDZW5yAhoo/KSaUCMnwfnuSeM38LUm0JNBj
LLpkOxyTN9tZ3+9GIzNS1Wf4DbGpWJgdlVpTr1b1AgB5qE5X99Zvc0KyA+vhVWE=
=zZ8L
-----END PGP SIGNATURE-----
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Re: need iptables help, (continued)
- - Re: need iptables help Robin Wood (Dec 23)
- Re: need iptables help Robin Wood (Dec 24)
  - Re: need iptables help Robin Wood (Dec 24)
    - Re: need iptables help Nik (Dec 25)
    - Re: need iptables help Robin Wood (Dec 26)
    - Re: need iptables help Hans Kokx (Dec 26)
    - Re: need iptables help Robin Wood (Dec 26)
    - Re: need iptables help Hans Kokx (Dec 26)
    - Re: need iptables help Robin Wood (Dec 26)
    - Re: need iptables help Champ Clark III (Dec 26)
    - Re: need iptables help Robin Wood (Dec 26)