On Wednesday 02 July 2003 17:08, Stroller wrote:
> It confuses me how ipTables is able to distinguish between the physical
> interface & the br0 interface, but these rules:

I know, the br-nf patch is responsible for this. As I've stated before, this 
behaviour is only for the 2.4 patch (for backwards compatibility). In the 2.5 
and 2.6 series, -i will only match on br0, not on ethx (for bridged 
packets). You need the iptables physdev module there, which is in the 
iptables distro. The patch for 2.4.21 includes the physdev module too.

> Consequently I believe it is possible to do all my filtering on the
> basis of the iptables -i parameter. Is this correct..? Any comments..?

Yes, but the physdev module is more versatile.

> ipTables man page:
>   "[-m limit]... can be used in combination with the LOG target to give
>    limited logging, for example"
>
> Is it saying we want to log only SOME of the packets which we are
> firewalling out, to save our logs getting too crowded..?

See the iptables user mailing list for iptables-specific questions.

> Is it easily possible to also NAT on a bridging-firewall, so that
> private IP addresses can be allocated to the other machines..? How do I
> achieve this, please..?

Yes, first try getting it to work on a normal Linux firewall. Switching to a 
bridging firewall doing NAT should be easy then.

cheers,
Bart
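
The following is an added illustration, not part of Bart's reply or the bridge project's own scripts. It shows the 2.5/2.6 behaviour described above: in FORWARD, a bridged packet is seen on br0 for both -i and -o, and the physical port is matched with the physdev module (the 2.4 br-nf convenience of matching -i ethx is gone). It also shows the limit/LOG pairing from the quoted man page. Interface names (br0 bridging eth0 as the outside port and eth1 as the inside port) and the DRY_RUN switch are assumptions for the example; with DRY_RUN unset to 0 it would call iptables for real and needs root.

```shell
#!/bin/sh
# Added example (not from the original thread): bridged-firewall rules for a
# 2.5/2.6-era kernel, where -i/-o match the bridge (br0) and the physical port
# must be selected with -m physdev.
# Assumed topology: br0 bridges eth0 (outside) and eth1 (inside).
# DRY_RUN=1 (the default here) prints the commands instead of executing them.

DRY_RUN="${DRY_RUN:-1}"
IPT="iptables"

# run: either print the iptables command line or execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# Rules for traffic crossing the bridge. The kernel presents both the
# ingress and egress interface as br0; --physdev-in / --physdev-out name
# the real ports the frame entered and will leave on.
bridge_forward_rules() {
    # Inside -> outside: allow anything originating on the inside port.
    run -A FORWARD -i br0 -o br0 -m physdev --physdev-in eth1 --physdev-out eth0 -j ACCEPT
    # Outside -> inside: only replies to connections the inside started.
    run -A FORWARD -i br0 -o br0 -m physdev --physdev-in eth0 --physdev-out eth1 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Everything else from the outside port: rate-limited log, then drop.
    # The limit match keeps a flood from filling the log (the man page point).
    run -A FORWARD -i br0 -o br0 -m physdev --physdev-in eth0 \
        -m limit --limit 5/min -j LOG --log-prefix "bridge-drop:"
    run -A FORWARD -i br0 -o br0 -m physdev --physdev-in eth0 -j DROP
}

bridge_forward_rules
```

Run it as-is to see the four rules that would be installed; note that every rule carries -i br0 -o br0, and that only the physdev match tells the two directions apart. A 2.4 br-nf kernel would also have accepted -i eth0 here, which is exactly the backwards-compatibility behaviour the reply describes.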

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
