Very Computer

> I'm running a minimal install of Fedora Core 1 with the
> 2.4.22-1.2174.nptl kernel.  I installed bridge-utils, bridging seems to
> work fine, but I'm wondering how exactly I start packet filtering with
> iptables?  Do I need the ebtables/bridge-nf patch on my kernel before
> this will work, or is it already built in to Fedora's custom kernel and
> I need to do something to enable it?  Right now while testing, if I set
> two machines on either side of the bridge to continuously ping each
> other, and I set every default iptables policy to DROP (every valid
> combo filter, mangle, nat and INPUT, OUTPUT, FORWARD, PREROUTING,
> POSTROUTING), the ping still work fine, so obviously I'm missing
> something as how to drop the icmp packets.

> I set bridging up as follows:
> ifconfig eth0 0.0.0.0 up
> ifconfig eth1 0.0.0.0 up
> brctl addbr br0
> brctl addif br0 eth0
> brctl addif br0 eth1
> ifconfig br0 192.168.1.2 netmask 255.255.255.0

> Ultimately I want to only allow certain ip addresses on one side of the
> bridge to only be able to connect to certain ip addresses / tcp ports on
> the other side (with netfilter's state connection tracking).

> Thanks,
> Josh

> Josh:

> I have this setup on a RedHat 9.0 install, using a 2.6 patched kernel. I
> have three NICs, two for the bridge and one that plugs into a separate
> network for control. The last NIC is the only thing on the box that has
> an IP address.  Unfortunately you have to patch the kernel to get the
> bridging interface to feed into the netfilter tables.

> You can look at http://small.dropbear.id.au/docs/adslfirewall.html

> and google it with

> http://www.google.com/search?q=linux+bridging+firewall+netfilter+ipta...