On Wed, 2 Aug 2000, Ira Abramov wrote:
> On Wed, 2 Aug 2000, Gilad Ben-Yossef wrote:
>
> > The easiest solution is:
> >
> > 1. Install on the Firewall machine both the bridging patch and the IP
> > firewalling on a bridge patch that can be found at
> > http://www.openrock.net/bridge.
> >
>
> I never tried that one. won't the bridging code bypass the forwarding
> rules of the IP stack, as it works at the 2nd layer, before the TCP/IP
> stack is used? that would defeat the purpose of a firewall I think...
>
In the URL I gave there is a patch to allow filtering of IP packets (I
should really say Ethernet frames containing IP packets) by IPchains when
they pass through the bridging code.
It works beautifuly - really one of the coolest hacks I've seen. ;-)
---
Gilad Ben-Yossef <[EMAIL PROTECTED]>
Tel: +972-54756701
GP: Is Eris true? Fax: +972-15154756701
M2: Everything is true. HTTP: http://benyossef.com
GP: Even false things? GPG: 64C5 8B59 74D5 8FAE F097
M2: Even false things are true. 8DF8 4590 CE75 F444 6178
GP: How can that be? SMS: http://benyossef.com/how.html
M2: I don't know man,I didn't do it. IRC: Fidros
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
