Hi!
If I understand the source in br_netfilter correctly:
* The bridge normally forwards frames based on the MAC addresses only.
* Netfilter is only capable of handling IP (as normally only this capability
is needed on an IP router).
* Frames belonging to other protocols pass unconditionally:
    ...
    if ((*pskb)->mac.ethernet->h_proto != __constant_htons(ETH_P_IP))
        return NF_ACCEPT;
    ...
Wouldn't it make sense to extend this behaviour to at least handle frames
selectively based on protocols? Of course ARP is needed, but what sense does
it make to block port 137-139 when NETBEUI is still possible...
Best regards,
Lutz
--
[EMAIL PROTECTED] Innominate Security Technologies AG
Dr.-Ing. Lutz Jaenicke networking people
Engineer/Software Engineer http://www.innominate.com/
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
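
Added example, not part of the original message and not br_netfilter code: a userspace C sketch of the per-protocol frame handling the message asks about, where IP frames go on to the IP rules, ARP passes, and everything else (NetBEUI included) is dropped instead of accepted unconditionally. All enum, function and sample names are hypothetical; the sketch assumes untagged frames and that NetBEUI is recognised by the 802.2 LLC SAP value 0xF0.

```c
#include <stddef.h>
#include <stdint.h>

/* All names below are hypothetical and chosen for this example. */
enum proto { P_MALFORMED, P_IP, P_ARP, P_LLC_NETBEUI, P_LLC_OTHER, P_OTHER };
enum verdict { V_DROP, V_ACCEPT, V_IP_HOOKS };

#define ETH_HDR_LEN 14u
#define ETH_LEN_MAX 1500u     /* type/length values <= 1500 are 802.3 lengths */
#define SAP_NETBEUI 0xF0u     /* assumption: 802.2 LLC SAP used by NetBEUI */

/* Identify the layer-2 payload protocol of one untagged Ethernet frame. */
enum proto frame_proto(const uint8_t *f, size_t len)
{
    if (f == NULL || len < ETH_HDR_LEN)
        return P_MALFORMED;                      /* truncated header */
    unsigned type = ((unsigned)f[12] << 8) | f[13];
    if (type == 0x0800u) return P_IP;
    if (type == 0x0806u) return P_ARP;
    if (type > ETH_LEN_MAX) return P_OTHER;      /* some other EtherType */
    if (len < ETH_HDR_LEN + 2u)                  /* no room for DSAP/SSAP */
        return P_MALFORMED;
    return f[14] == SAP_NETBEUI ? P_LLC_NETBEUI : P_LLC_OTHER;
}

/* Default-deny policy: IP goes to the IP rules, ARP passes, the rest drops. */
enum verdict classify_frame(const uint8_t *f, size_t len)
{
    switch (frame_proto(f, len)) {
    case P_IP:  return V_IP_HOOKS;
    case P_ARP: return V_ACCEPT;
    default:    return V_DROP;   /* NetBEUI, other LLC, unknown, malformed */
    }
}

/* Constructed sample frames: zeroed MAC addresses, header bytes only. */
const uint8_t sample_ip[14]      = { [12] = 0x08, [13] = 0x00 };
const uint8_t sample_arp[14]     = { [12] = 0x08, [13] = 0x06 };
const uint8_t sample_netbeui[17] = { [12] = 0x00, [13] = 0x03,
                                     [14] = 0xF0, [15] = 0xF0, [16] = 0x03 };
```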