On Fri, 1 Feb 2002, Lennert Buytenhek wrote:
> On Fri, Feb 01, 2002 at 10:20:52AM -0600, Chuck Bearden wrote:
>
> > > It would seem that the kernel you are running has not had the bridge-nf
> > > patch applied to it. Do you see "Bridge firewalling registered" on
> > > bootup?
> >
> > No, I didn't see that message when I scrolled back through the boot
> > console. Also, /usr/doc/kernel-image-2.4.17-586tsc/README.Debian.1st.gz
> > doesn't list bridge-nf among the two patches applied to the 2.4.17
> > kernel. It lists only a ReiserFS umount patch and a NFS client
> > seekdir patch.
>
> So.. you're not using the firewall patch for the kernel. The bridge
> firewalling code lives in the kernel, and not in userspace.
>
>
> > Adrian Bunk's bridgeutils package does include a FIREWALL and
> > FIREWALL.IPTABLES in /usr/doc/bridge-utils/, which leads me to
> > believe that they expect that it can firewall in bridging mode.
>
> Nope. You _do_ need the patch.
>
>
> > Would it be fair to conclude that the unpatched kernel 2.4.17 can do
> > bridging firewalling but that it just can't do the filtering of
> > packets to the bridge itself by physical interface?
>
> No. You can't do FORWARD firewalling without the patch at all.

Thanks. I realize that the firewalling happens in the kernel. I was
hoping that the patch in question was simply one that enabled
INPUT filtering by physical interface. I'll have to make friends with
Debian's kernel-package :)

I appreciate your assistance and your work in developing the bridging
code. I'm still looking very much forward to making it work.

Best wishes,
Chuck

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
