Hi, I was wondering about this...
Is it possible to have a completely plug-n-play transparent firewall setup? For example, all that would need to be entered into the firewall's setup is the IP(s) that should be recognized, and the ports that should be recognized. The box would have 2 NIC cards... MZ (the internet) and LAN (behind firewall)... All the box does would be to bridge the two NICs, and perform "filtering" in between the bridge.

I have something like that running right now (not working properly yet)... I am using the "bridging-utils" in Debian testing to bridge eth0 (lan) and eth1 (internet), and have iptables to do some filtering on incoming packets on eth1. But does the bridging in the kernel pass the packets directly from eth1 to eth0 before it hits the netfilter code? Or does the netfilter code (and hence iptables) act first, filter the traffic, THEN pass the data from eth1 to eth0?

Probably someone has done all this in the past, and in fact I have found a distro that *sounds* like it does this, but it is a weird heavily customized Redhat, and I would prefer to stick with the Debian that we all love.

Sincerely,
Jason